2019 SecurityMetrics Guide to HIPAA Compliance
"The HIPAA Guide is one of the best helps/tools/references. It's well organized and easy to understand for our medical office staff and providers." - Hedy Haun, Sr. Process Analyst, Sharp HealthCare
"This is the most comprehensive guide on HIPAA I have found." - Crystal Hertz, National Health Foundation.
What's inside the guide?
- Current HIPAA compliance trends
- HIPAA Security, Breach Notification, and Privacy Rule compliance best practices
- Tips from HIPAA auditors to simplify and improve your HIPAA compliance efforts
- Guidelines to remedy major security issues
- A HIPAA security budget outline
Guide Foreword:
Despite advances in security technology and increased governmental cybersecurity initiatives, attackers will not abandon their pursuit of patient data. Patient data is valuable. It can be used to file false claims, acquire prescription drugs, or receive medical care. Patient data often includes enough information to steal a person’s identity entirely, allowing criminals to open credit accounts, file fraudulent tax returns, or receive government-issued ID cards.
This past year, healthcare entities accounted for 27.9% of reported data breaches.
In light of recent data breaches, it’s clear that the healthcare industry is less prepared with HIPAA compliance than patients would expect. HIPAA compliance, especially to the Security Rule, has never been more necessary as the value of patient data continues to rise on the dark web.
Far too often, it’s the simple, easy-to-correct things that go unnoticed and create vulnerabilities that lead to a data breach. Even organizations with layers of sophisticated IT defenses can be tripped up by an employee who opens an errant email or uses a less-than-complex password.
This guide is not intended to be a legal brief on all aspects of the HIPAA regulations. Rather, it approaches HIPAA from the perspective of a security analyst, focusing on how to protect electronic patient data. This guide will examine the policies, procedures, and security controls recommended to keep electronic patient data private and secure as described under HIPAA’s Privacy and Security Rules. It also discusses Breach Notification and Enforcement Rules.
This guide includes recommendations from experienced HIPAA audit and data security professionals."
© 2020 SecurityMetrics. All rights reserved.