New HIPAA rules this month: Is your plan in place?
The HIPAA Omnibus Final Rule goes into effect on Sept. 23, 2013, intensifying enforcement against HIPAA violations and patient data breaches. Violations can be pursued more vigorously, and the punishments and fines promise to be harsher and more frequent.
The main focus for those charged with protecting patient data security, according to a recent article in Health IT Security, is to evaluate current risk. This can mean looking at past instances of patient data being exposed, as well as a company’s policies and procedures surrounding data and loose media.
Since the start of 2013, dozens of cases have been reported in the health care sector where patient data was copied onto unencrypted flash drives that were then left in cars, found in garages, and even turned up in the hospital laundry.
Not sure how to properly evaluate your risk? Use a trusted outside advisor, who can more easily analyze your company’s practices in comparison to industry standards.
Patient Data Crackdown
Whether the data is housed in a medical facility or at the offices of a technology partner, staff everywhere must be on guard to protect patient data. The maximum penalty under the new rules will be $1.5 million.
Most of the data breaches occurring recently have not been cases of outsiders hacking into the data network.
Instead, patient data is being stored on mobile devices, flash drives, or other media, and not being inventoried and tracked. In most cases, organizations need to formulate a plan to give authorized employees access to the data they need via a secure connection, rather than copying the information onto unsecured drives.
Where patient data is currently on portable hard drives, laptops and other media, hospitals, medical offices and their data technology partners need a plan for wiping sensitive data from the drives before they leave the premises.
Onsite data destruction
Onsite data destruction is the best defense against loss of patient medical data from loose media, retired desktops, laptops, mobile devices, flash drives, and failed server hard drives.
At many hospitals, doctor’s offices and medical centers, students and interns make up a significant part of the skilled staff with access to medical data. Data destruction should be as easy as dropping drives, disks, and media into a secure bin on the way out the door. Even a resident running on four hours of sleep can do that!
Meet TEAR-A-BYTE® (TAB®) (Patented), TechR2’s solution for secure onsite data destruction. TAB® utilizes leading-edge technology, providing secure containment and onsite data destruction with our NSA certified degausser.
For each project you will receive a serial number report and a certificate of destruction to store for future audits. This is critical in case of a suspected data breach. For state-funded institutions, it is even more critical to have a paper trail to prove your compliance with data security measures.
More complex jobs can take advantage of TechR2’s more advanced systems.
Are your hospital’s executives ignorant of the risks of data stored on flash drives, hard drives and other loose media? Be kind and inform them of recent court cases, and present simple and effective solutions such as TAB®. Information about compliance with HIPAA and other federal guidelines governing data privacy can be found here.