Health Information Compliance Alert

Published on Tue Sep 16, 2014 PDF

Tip: Look for all opportunities to encrypt PHI in your organization.

Although many industry experts might argue that a healthcare provider is never fully protected from hackers and data thieves, there are so many things that your organization can do to protect against a messy HIPAA breach. Are you doing everything you can to protect against a data breach?

In an Aug. 26 article published in The National Law Review, Godfrey & Kahn S.C. attorneys Thomas Shorter, Douglas Poland and Scott Thill provide the following questions that you should ask about your organization in light of the recent Community Health Systems, Inc. breach:

1. When did we last review and update our HIPAA security measures? When did you last perform a risk analysis? Does your organization maintain sufficient security logs and malware detection software, and employ other resources to identify external attacks and intrusions on your system?

2. Have we identified all areas in our organization where we may receive or maintain PHI? Has your organization implemented a mobile device policy? Has your organization addressed the use of USB drives, CDs and other portable media?

3. Have we identified all access points to our systems containing PHI? Has your organization reviewed its networked devices for potential vulnerabilities that may allow an intruder to bypass your security? Are there additional opportunities to encrypt PHI within our organization?

4. Do we have sufficient cyber or other liability insurance to cover breaches of PHI? Will your organization’s existing insurance cover the expenses related to a breach and, if not, should you procure such insurance?

5. Even though we have addressed HIPAA’s requirements, should we do more? Does your organization have opportunities for additional protection that are feasible?