Does Your Non-Profit Organization Need a Technology Purchasing Advocate?
Your Information Is Safe With Us. Network Outsource will never sell, rent, share or distribute your personal details with anyone. In addition, we will never spam you.
HIPAA compliance can cost so much that the result is a greater vulnerability to cyberattacks. But the right cybersecurity partner reduces both cost and risk.
Many medical professionals have an ambiguous attitude toward HIPAA. As President Russell P. Branzell and CEO Shafiq Rab of the College of Healthcare Information Management Executives (CHIME) wrote in a letter to Congress:
“Significant advancements in healthcare technology have been made possible through policy, however, often overly stringent prescriptive mandates have added to healthcare costs, impeded innovation and increased burdens on clinicians.”
Medical practices, clinics, and hospitals are exposed to cybersecurity risks of two kinds. They are vulnerable to phishing, malicious use of AI, cyberattacks on mobile devices, and attacks on data in cloud storage. But healthcare providers that experience cyberattacks are also at risk of expensive adverse regulatory action for failure to meet HIPAA standards.
How costly can it be for healthcare organizations to be found in non-compliance with HIPAA rules? Just in 2019:
HIPAA fines can range from $100 to $50,000 per violation or record, up to a maximum of $1.5 million per incident per year. This lowest level of fines is applied even when the covered organization did not know and could not reasonably have been expected to know of the data breach. Fines increase when covered entities fail to exercise reasonable diligence or act with willful neglect.
OCR requires payment of fines within 30 to 90 days. Most monetary penalties come with similarly immediate demands for risk analysis, new training programs, and a system for informing OCR of new reportable events.
Fines and administrative costs of correcting non-compliance are significant for large healthcare providers. They could be devastating to a small practice. But compliance also comes with a significant downside.
It is not news to IT managers that HIPAA compliance is complex. It requires significant resources. The underappreciated problem is that complying with HIPAA’s minimum standards may not deter serious threats. HIPAA compliance requires so many resources that healthcare organizations may not be protected from the latest generation of cyber threats. HIPAA-compliant healthcare organizations may find they have less protection from cyberattacks, not more.
The attitude of OCR toward compliance audits and breach investigations is likely to continue to be punitive, rather than restorative. Ideally, healthcare entities would learn from the experiences of other organizations that have had to recover from cyberattacks. But the truth of modern cybersecurity is that every health organization, no matter how small, needs to implement:
The largest healthcare providers can afford dedicated IT departments, but smaller providers more focused on patient care need a cybersecurity partner. But how do healthcare organizations recognize the right cybersecurity partner?
The days of protecting data with antivirus programs and antimalware are over for healthcare providers. Data security requires specialized expertise.
The right cybersecurity partner will provide data security, email security, end-user security, and secure infrastructure. This cybersecurity partner will protect on-site and cloud-based email systems, stop cyberattacks launched by malicious websites, stop drains of bandwidth, stop exposure of data at insecure sites, extend security to devices the healthcare provider does not control, centralize visibility and control, detect malware quickly, secure infrastructure to include remote sites, protect mobile users, block malicious traffic, prevent intrusions, and keep up with the implications of HIPAA rule changes as well as the latest cyberthreats.
And if you operate in New York, you need a partner who can help you with the unique challenges of cybersecurity in New York:
Network Outsource can empower your company to operate securely while taking advantage of new technology. To get the best in service, reach out to Network Outsource to find out how we can help.