Cygilant Blog

How Does HIPAA Affect Cybersecurity? Here's What You Need to Know

Posted by Security Steve on Oct 16, 2015

Most of us know the HIPAA Privacy Rule primarily as the notice of privacy practices we acknowledge at the pharmacy counter. But if your business is in the health industry or intersects with it, HIPAA is a great deal more than that. Even if you aren't directly connected to this sector, it's worth understanding how the law treats digital privacy and security, because the same failures cost money in any industry.


Earlier this year, the Cancer Care Group, an Indiana-based oncology practice, agreed to a $750,000 settlement with the HHS Office for Civil Rights (OCR) after an unencrypted laptop and backup media holding patient information were stolen from an employee's car. This underscores the need for healthcare organizations to pay particular attention to data security, especially on portable devices.


This lack of fundamental digital security by the medical practice was not just a lapse in basic security practice but a violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule requires appropriate safeguards for protected health information, and the companion Security Rule spells out what those safeguards must be for electronic records. OCR found that Cancer Care Group had never conducted an enterprise-wide risk analysis and had no written policy governing the removal of hardware and electronic media containing electronic protected health information (ePHI) from its facilities. In other words, Cancer Care Group broke the law not simply by losing a device, but by never putting the required risk analysis, policies and safeguards in place.

What is the HIPAA Privacy Rule?

As the Department of Health and Human Services (HHS) summarizes it, the Rule "requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization." For electronic PHI, the HIPAA Security Rule defines the administrative, physical and technical safeguards that satisfy this requirement; it is the rule against which things like risk analysis, device policies and encryption are judged.


According to the Centers for Medicare and Medicaid Services (CMS), which enforces HIPAA's administrative simplification standards for electronic transactions, the Affordable Care Act of 2010 has hastened the trend toward electronic records. (The Privacy and Security Rules themselves are enforced by the HHS Office for Civil Rights, which brought the Cancer Care Group case.)


"In addition," says CMS, "health plans will be required to certify their compliance. The Act provides for substantial penalties for failures to certify or comply with the new standards and operating rules."

What the HIPAA Privacy Rule Means for You

The Cancer Care Group breach illustrates several issues regarding data security:

  1. Saving money by neglecting security will eventually cost you far more than you would have spent originally. Encrypting a laptop and writing a portable-device policy is trivial next to a $750,000 settlement and the corrective action plan that came with it.
  2. Without a security policy covering portable devices in place, your employees are on their own. In this case, an employee's laptop and backup media were stolen and the data on them was not encrypted. Encryption matters doubly here: under the HIPAA Breach Notification Rule, ePHI encrypted in line with HHS guidance is treated as "secured", so the loss of a properly encrypted device is generally not a reportable breach.
  3. If you don't create and implement privacy and security policies voluntarily now, you will have to do it under duress after a breach, with regulators watching.
  4. If the absence of security leads to a breach, you will also pay for it with your reputation.

When it comes to data breaches, it’s always better to play it safe. You shouldn’t be taking risks when it comes to the security of your data and your business, no matter the sector you’re associated with.


If you need help securing such data, you can turn to EiQ to consult experts in the field. EiQ's security monitoring technology and managed services will help you avoid what happened to the Cancer Care Group.

Top photo credit: Pressmaster/Shutterstock

Tags: Healthcare, Cybersecurity, HIPAA
