You’re likely not 100% compliant with HIPAA. Read on to find out why. It can be very difficult to comply with all of the HIPAA regulations; there’s a great deal to keep up with, and it’s an ever-changing landscape. With the digital age thoroughly introduced to medical records, a new breed of HIPAA security and information requirements has been mandated. You can think of this like an iceberg: although the visible and well-understood sections of HIPAA law are most often taken care of, there’s much more that office administrators and doctors don’t understand yet. However, this is not your fault. The introduction of Information Technology to the already massive iceberg has created a whole new mysterious and misunderstood underwater section.
Short version: The government has imposed regulations with specific requirements drawn from the Information Technology and Cyber Security fields. The expectation is for the Healthcare industry to somehow understand all of these requirements on top of the already overwhelming medical training and practice administration. Naturally the office administrator is required to put trust in a 3rd-party IT Provider, but the issue here is that the IT Provider isn’t held responsible for any of its shortcomings. There are no laws or regulations that require an “IT Provider” to know anything, have any experience, or have any education before promising you security and compliance.
Long version: After reading the short version you may continue here to learn more. First you should just scroll and get an overview of the HIPAA Security Rule Technical Safeguard by clicking this link (caution: you’re expected to become overwhelmed): HHS Technical Safeguard. Keep in mind that this is only one of three safeguards brought to you by the HIPAA Security Rule. The others are the Physical and Administrative Safeguards. It should quickly become apparent that these safeguards are deeply rooted in Cyber Security, being full of terms such as Audit Controls, Integrity Controls, Authentication, and so on. The worst part is that it has been proven many times, often in highly publicized cases, that your IT Provider lacks both knowledge of the laws and the necessary technical expertise. I invite you to go to Google and search for “Healthcare Data Breach”, read through some articles and come to your own opinion.
I won’t tell you not to worry, but there are options available that you can have confidence in. The best way to tell if your confidence is appropriately placed is to get a second opinion on your HIPAA Security Rule Compliance Health. If everything is found to be compliant, then you know that your money and confidence are well placed. However, if your vulnerabilities and risk far outweigh your security, you should probably look for another IT Provider. Keep in mind as well that some second opinions might try to scare you into choosing their product. I’ll tell you what to look for or ask for. Ensure that the reports and presentations given to you are in a logical format, with laws, vulnerabilities, and fix actions side by side. Imagine three columns on a piece of paper: The Law, The Associated Vulnerability Found, and finally The Recommended Fix Action. If it’s not this direct and simple, then your second opinion is likely trying to be vague and confusing in an effort to get your money.
As the Vice-President and CTO of Cyber Security Solutions, I have seen too many instances of inexperienced “IT Guys” attempting to secure Protected Health Information. I don’t blame the medical practice, because you’ve been doing all that you can for many years, and it wasn’t until recently that unrealistic expectations were placed on you by the government. I call the expectations unrealistic because the IT Industry isn’t regulated, so how can you be expected to choose a worthy IT Provider? I invite you to take a look at a better way at www.FLCSS.com. If you find someone else that does as much as we do to make this easier on you, please let me know. We’ll give you a second opinion on your HIPAA Security Rule Compliance Health for free; in fact, if we don’t find anything wrong, we’ll give you $100 for your time. I won’t go any further into detail here because I don’t want this to become a sales pitch. I want all that you’ve read to serve as information regarding the real truth about the IT industry and what you’re faced with.