Hospitals Go Under the Microscope
Upcoming security audits could cause ripples across the HIPAA compliance pond
January 8, 2008
5:00 PM -- Healthcare is changing. No, your drug prescriptions won't cost you less, and yes, the draconian nurse is still going to lack a sense of humor. But hidden behind the scenes are regulatory changes that could spell a lot of additional spending to beef up compliance on the healthcare front.
The Center for Medicare and Medicaid Services has begun spending millions of dollars in a year-long contract to have PricewaterhouseCoopers International perform a series of HIPAA compliance reviews against hospitals that have had privacy complaints filed against them over the last several years. The HIPAA compliance deadline for most hospitals was the middle of 2005, giving hospitals plenty of time to get their act in order.
But PwC won't be auditing all of the entities against whom complaints have been filed -- in fact, only 10 or 20 out of about 200 will get the compliance audit. As a person who visits the doctor precisely once every 15 years, I'm not particularly worried about myself. But it's easy to see why someone who visits hospitals regularly would want a better assurance of privacy.
It's unclear what the penalties will be for hospitals that fail the audit, but portions of HIPAA do include potential jail time for failure to comply. That's a big stick. Since healthcare is already a hot topic of debate as election time draws closer, it will be interesting to see how this issue affects spending over the next several years.
Focusing on healthcare security is not unreasonable, given the frequent media reports of breaches and the incredible damage to people's privacy and safety that can ensue. Imagine if the whole world knew you were deathly allergic to peanuts. It's not hard to hatch what Bruce Schneier calls a "movie plot scenario" where your worst enemy finds this fatal flaw after hacking into your hospital records.
While such scenarios may not seem likely, other records -- including your billing information -- could be of far greater value to a random attacker. It will be interesting to see what happens over the next few years, as purse strings loosen in order to tighten up healthcare compliance.