New HIPAA Omnibus Rule Changes Health IT Security Landscape
Rule means more audits and increased penalties if compliance is not achieved
(PR NewsChannel) / CHICAGO / Healthcare providers are now facing an immediate need to provide security risk assessments and testing to meet compliance requirements with HIPAA. On January 17, 2013, a new omnibus HIPAA privacy and security rule was released, bringing with it more audits and increased penalties if compliance is not achieved. This requirement is the beginning of a new, and very necessary, push towards Health IT security and data protection.
In a series of in-depth research interviews conducted with CIO executives from some of the largest hospitalists in the U.S., one of the top 'worst-case' security scenarios keeping them up at night is how to prepare for a data-at-rest breach caused by loss or theft of a mobile device. Furthermore, fines are no longer restricted to massive data breaches, as HHS confirmed it received a $50,000 settlement from a breach in Idaho stemming from a lost laptop that only involved 441 patients in January 2013. While technology-based vulnerabilities are part of the problem, most executives agree that operational and people-related processes pose the biggest risk of an incident, a problem that can only be solved through better education, training and change management.
More Security Insights
- The 12 Critical Questions You Need To Ask When Choosing an AD Bridge Solution
- A New Set of Network Security Challenges
"As healthcare organizations rush to adopt new technologies, security often takes a back-burner which causes near and long-term problems in managing risk." said Parham Eftekhari, EVP Research, HealthTech Council. "With penalties in the recent Omnibus up to $1.5 million per violation, it is critical healthcare executives understand how IT deployments create risk, and what they can do to mitigate their exposure."
The other top security challenges facing healthcare executives in addition to maintaining HIPPA compliance and privacy laws, are: securing data-at-rest, data in the cloud, information sharing, BYOD/mobile device management, providing patients secure access to their health records, operational and process risk management, employee risk/security awareness and training.
The national HealthTech Council executives providing this research and leading action groups are convening at the invitation-only HealthTech Meeting April 21-23 in Chicago to collaborate with some of the industry's leading solution providers to discuss these new policies and solutions for the future. Due to the recent events, HealthTech is urging security companies and other technology providers in Health IT Security to get involved because of the immediate demand for these solutions.
The HealthTech Council is reviewing industry experts to lead roundtable strategy sessions at the upcoming HealthTech Council Meeting in April, including: "The Mobile Revolution: Remote Care without Compromising Security and Quality"; "Operational Risk Management: People, Process, Technology";"Help, My Data Has Been Breached!: Insights on Threat Prevention, Detection, Response"; "People and Culture: Healthcare Transformation's Biggest Challenge"; and "Future Legal & Compliance Considerations that Will Impact You." These sessions will allow healthcare professionals and solution providers to discuss best practices and lessons learned based on the most important topics affecting the Health IT Security ecosystem.
About HealthTech: The HealthTech Council provides executive-level collaboration, information sharing and education on the strategic and operational impact of information technology on the healthcare industry. As a research based organization, HealthTech is focused on cutting-edge issues including Informatics, Risk Management, Interoperability, mHealth, Security/Privacy, Cloud Computing, Information Sharing, Compliance, Telemedicine and IT's role in supporting ACOs, Population Management and pay-for-performance. Through its semi-annual HealthTech Council Meeting, Action Committees, publications and workshops, HealthTech provides unique peer-to-peer forums for executive-level sharing of best practices and lessons learned resulting in actionable strategic plans and industry-wide solutions. HealthTech views IT as a strategic business asset, not a cost-center, resulting in content designed for both IT (CIO, CMIO) and non-IT (CMO, COO, CFO, Director/VP) executives from hospitals, health care providers, industry, academia and government. www.HealthTechCouncil.org