Building Healthcare Data Security into Your HIPAA Compliance

Is your data truly secure, and how would you know?

July 14, 2020

In the world of healthcare, like any business environment, there is an important difference between being secure and being compliant. Sure, healthcare data security and HIPAA compliance share similarities, but one does not equal the other.

Compliance assessments take place at a specific point in time, but security is every second of every day. While that thought may seem daunting, consider data security as the opportunity to continuously grow and advance your organization’s posture.

Recently I spent some time with ControlScan’s Jeff Wilder, discussing various issues related to healthcare data security and HIPAA compliance. A central theme of our discussion was what it means to build healthcare data security into the HIPAA compliance process.

Understand Your Vulnerabilities

Your business can invest a lot of money in becoming and remaining HIPAA compliant, but still have open security vulnerabilities. For example, you may have a policy in place that protects the confidentiality of healthcare data, but the policy may not cover the integrity or availability of the system components housing that data.

Remember, cyber criminals will take your data any way they can. They’re not following guidelines or checking boxes; they’re looking for holes in your defenses. Those can be physical holes, like unlocked doors or laptops left in cars, or they can be digital, such as weak system credentials or poor network segmentation. So, take the time to identify and mitigate your organization’s security vulnerabilities.

Don’t Rely on Your Vendors’ Compliance

A compliant vendor or technology is definitely a plus, but it doesn’t absolve your business from creating and following its own security and compliance practices. Should your organization have a data breach, the onus will be placed squarely on you.

The first step is simply to take responsibility for the security of your healthcare data. Then, document your security risks and implement reasonable solutions for your organization.

