Tightening Healthcare Organization Security

Healthcare security is very important. One example of why is the data breach that occurred at Community Health Systems, which exposed names, social security numbers, and other details about patients. The total number of people whose data was breached was 4.5 million. This was the direct result of a lack of attention to patient data security and privacy.

For over 10 years, the Health Information Portability and Accountability Act, or HIPAA, has required all within the healthcare industry to implement security controls that protect the data of patients, but many organizations don’t pay much attention to the rules because enforcement of the standards is rather lax.

But now the Office for Civil Rights, or OCR, has started cracking down on healthcare providers that are not exercising proper security measures. In fact, there have been more privacy and security breaches than many patients and many within the healthcare industry realize. The Health Information Technology of Economic and Clinical Health Act of 2009 specifies penalties for noncompliance in the way of security.

What happens, in many cases, is that the healthcare providers don’t see the issue until their data is breached. So far in 2014 alone, there have been around 150 incidents in which personal data was breached.

Health Information Management

The industry has a long history of not recognizing the value of healthcare information to those that do not want to do good things with it. There are individuals out there that will try to do malicious things with patient data.

In addition to the lack of enforcement by HIPAA, the industry has also suffered from a lack of auditing requirements for security reasons. However, healthcare providers can opt for their own audits. They can have a third party come in and perform a healthcare audit for them, also covering security so that they can see where improvements need to be made. This is something that can do a great deal for patient safety, as well as keep the healthcare provider from being the subject of a breach due to lax standards.

HIPAA has no requirement that a provider have a third party conduct an audit. The only time they require such is when there has been a breach or someone has reported a violation. Audits can be done by providers anyway for their own peace of mind.

Other industries, such as the financial services industry, have to go to great lengths to ensure security and privacy. They have to be able to produce audit reports on request. Healthcare has no such requirement, although the information that is passed around within the industry is very sensitive and much more valuable in the underground market than financial information.

What many in the healthcare security sector fear is that it is going to take a large incident, such as a Target-sized episode where a healthcare provider and their system are compromised. It would be a major blow to health information management, but physicians and hospitals can prevent such a breach by having their own audits performed so that they can tighten their systems and ensure patient safety. This is the incentive to invest in better healthcare security even if there really is no material consequence to the failure to protect information. Physicians and hospitals also protect their infrastructures when they implement better health information management.

HIPAA Compliance

Although HIPAA does seem to have little to no effect in the protection of patient data, there are penalties if a breach happens. Just because HIPAA doesn’t enforce their penalties unless there is a proven breach or a legitimate report doesn’t mean that healthcare providers can’t take matters into their own hands. Although a physician can go years without any reports or breaches, once one happens the damage can be astronomical. The breach can hurt the practice’s or facility’s infrastructure and it can damage their reputation. Patients do not want their medical details to go beyond those that are treating them, so it is the responsibility of those handling that information to protect it. That is what patients expect, thus they place a lot of trust in the healthcare industry.


If you wish to have audits performed on your healthcare security so that you can determine what areas need improvement, MD Pro Solutions can help you every step of the way. To learn more about how we can help you, call us at 508-946-1665 or fill out our contact form to ask questions or request a free consultation.