Published July 24, 2015
If you are a "covered entity" under the HIPAA Security rule, then you already know that your company (and thus your employees) collect a lot of protected health information (aka PHI). PHI is basically information about another person that is not for public knowledge but needed in order to conduct business. What business? Information that insurance companies need to process claims and health care professionals need for continuity of care.
Due to more recent mandates, healthcare entities have been required to use electronic health records where patient information is entered, accessed, stored, and distributed through computer and web based programs. The HIPAA security rule simply states that all data that pertains to PHI must be secure and not accessible by persons that do not need to know or by persons that intend to harm.
When we think of breeches in data we first think of “hackers.” According to Symantec, the healthcare industry is a hot target for hackers because medical records contain valuable personal information such as social security numbers, birth and death dates, billing information, etc. Criminals use this information to buy medical equipment, drugs that can be resold, or combine a patient number with a false provider number and file made-up claims with insurers.
Background systems managed by good IT Management firms (like NRC) can reduce the hacker threat. Now your agency is left to face the bigger threat of human error. According to USA today, 80% of the breeches that occur are rooted in employee negligence, by human error or the less frequent rogue employee. According to hipaajournal – 31% of the breeches reported are due to lost or stolen devices, 29% to criminal attacks, 8% to a malicious insider, and 29% to employee errors.
There are some simple steps each employee can take to minimize errors:
Tip: develop a password based on a phrase, song, or poem that you know well!