Lax Security Practices Could Cost You Everything

The fireworks may be over, but cyber-criminals are waiting to blow up your weakest link. Understanding the vulnerability of personal health information (PHI) is not enough. Neither is having fierce security protocols that are not supported and executed by everyone in your organization. This year there have been 92 major breaches involving PHI and we are just heading into summer.

An article at Attorney at Work reminds us how vulnerable organizations really are without even knowing it. Your immediate staff may be diligent in protecting PHI, but what about all covered entities? What about your business associates? Are your agreements updated and compliant? Innocent mistakes happen, but they do not negate your responsibilities or eliminate the associated fines and penalties.

There are three steps to ensure HIPAA compliance:

  1. Conduct a risk assessment that addresses physical, technical and administrative safeguards.
  2. Create the necessary documentation such as policies and procedures.
  3. Implement compliance training for all staff.

Turning a blind eye is hazardous. You might just quickly text a co-worker about a patient; just one time won’t hurt. Breach. Maybe you know a patient personally and send them a text. Breach. Your archaic fax machine finally blew up, so you toss it in a dumpster. Breach. Want to trade up your copier to the flashiest model? Do you know what you have to do to avoid a breach?

Breach. Breach. Breach. The frequency seems to be intensifying, which clearly is a reflection on our lax security and compliance protocols. PHI is fast becoming the number one target for cyber-criminals. How are you going to choose to fight them?

Litmos Healthcare’s Compliance and Regulatory online education program teaches staff members, regardless of their role, how to keep your organization compliant and patient data secure. The online learning is affordable, customizable, and available 24/7, with up-to-date content. All courses are legally reviewed and continuously updated to meet or exceed regulation requirements.