Do you know what the HIPAA Security Rule is? What about the Privacy Rule? If you're a health provider, it's paramount that you understand both of these regulations; otherwise, you could end up like a number of health companies - in a financial mess.
Take St. Elizabeth's Medical Center in Brighton, Massachusetts, which broke HIPAA's Security Rule by violating regulations regarding electronic Protected Health Information, according to Elizabeth Snell of Health Security.
"OCR's investigation determined that SEMC failed to timely identify and respond to the known security incident, mitigate the harmful effects of the security incident, and document the security incident and its outcome," OCR said, per the source. "Separately, on August 25, 2014, SEMC submitted notification to HHS OCR regarding a breach of unsecured ePHI stored on a former SEMC workforce member's personal laptop and USB flash drive, affecting 595 individuals."
These incidents are not uncommon, and the consequences are often devastating. In St. Elizabeth's case, the medical center agreed to pay $218,400 in fines dating back to 2012.
While this fine appears hefty, other providers have fared much worse. In February 2015 it was revealed that 80 million of Anthem's customer records had been potentially breached, accounting for around 612,000 people, reported Elizabeth Weise of USA Today.
The Department of Health and Human Services fined Anthem nearly $2 million.
To better protect themselves, companies need to take cybersecurity seriously, and they must take the time to ensure they're in compliance with state and federal regulations. Not doing so could result in unexpected financial repercussions similar to those faced by St. Elizabeth's Medical Center and Anthem.
While these companies may have been able to survive the hefty fines, other smaller companies could have difficulty. That's why it's critical they protect their data by using the latest technology and consulting IT experts.
How You Can Gain Peace of Mind
EiQ offers two SOCVue® hybrid security-as-a-service solutions that can help organizations of any size affordably and effectively improve their cybersecurity and compliance posture:
- SOCVue Security Monitoring gives you visibility and control over your IT environment. You’ll get best-of-breed Log Management and SIEM that is managed around-the-clock for real-time threat detection, analysis and notification, proactive remediation guidance, and compliance auditing.
- SOCVue Vulnerability Management reduces your attack surface and mitigates risk with unlimited managed scans, analysis, risk prioritization, and remediation guidance. Focus on what matters most: your core business.
EiQ’s SOCVue combines the best people, process, and technology to build the enterprise-class IT security program your organization needs. That’s because SOCVue gives you the flexibility and cost savings of a security software-as-a-service offering, but also provides a world-class team of security and technology experts to manage the technology and help implement cybersecurity best practices.
With all the challenges you face today while trying to keep your organization safe, having the best IT security solutions in your corner should not be one of them. Request a demo today to see how quickly and affordably you can improve your security and compliance posture with EiQ.