What is Your Plan to Secure PHI?
WHAT HAPPENS WHEN THE AUDIT ALARM GOES OFF…
The obvious business case beyond regulatory compliance with the HIPAA Security Rule is the professional responsibility to protect each patient’s personal health information as you would your own. Real and damaging repercussions to your organization for inadvertent or intentional breaches of protected health information drive the need to implement an effective risk management program.
Health information data breaches are increasing in number and in magnitude. The fraudulent use or sale of personal health information is also on the rise. PHI breaches can cause significant harm, both to the individuals whose information was breached and to the organizations responsible for protecting it.
Every covered entity and its business associates must comply with the administrative, technical, and physical controls that are mandated by the HIPAA Security Rule.
At a minimum, there is a requirement to assess current security controls and security risks, identify security gaps, develop an implementation plan to close security gaps, and notify the Secretary of Health and Human Services if a breach of PHI for more than 500 patients occurs in your organization or by one of your business associates.
Whether intentional or unintentional, significant breaches result in audits, financial penalties and loss of reputation in the community. The clock is ticking. Isn’t it worth your time to make security risk management a priority in your organization?