Working beyond the minimum HIPAA requirements

June 15, 2018
Medicare Web

HIPAA requires covered entities to protect patients’ protected health information and handle it confidentially. Organizations must remain vigilant or they risk violating HIPAA. Most organizations don’t set out to violate HIPAA, but misunderstanding the law can lead straight to a breach that could have been easily prevented.

Meeting the bare minimum required by HIPAA might satisfy the letter of the law, but hardly the intent. Remember, many states have stricter privacy and security laws than HIPAA, and where a state law is more stringent, HIPAA does not preempt it: the organization must comply with the stricter state requirement. HIPAA compliance is meant as a basic floor for security, not a ceiling. Against today’s sophisticated cyberattacks, that minimum might not save an organization from a security incident, such as a ransomware attack, that could cause serious and expensive damage.

Compliant has never meant secure, says Kevin Beaver, CISSP, independent security consultant at Principle Logic, LLC, in Atlanta. “Yet people continue to make decisions supporting short-term compliance efforts with minimal thought going into long-term information privacy and security improvements.”
