HIPAA compliance has been talked about a lot in the last few years. HIPAA rose to prominence because it protects patients’ PHI (protected health information). Given how common healthcare data breaches have become, and how HIPAA is used to put safeguards in place to reduce breaches and keep PHI safe, HIPAA compliance is necessary. This article will explore how a solution like HIPAA compliance management software can help you simplify compliance, be ready for audits, and avoid penalties.
A brief refresher
As previously mentioned, HIPAA, or the Health Insurance Portability and Accountability Act, was established to ensure that healthcare organizations that deal with patient information (PHI) protect it from theft and fraudulent activities. The organizations that need to be HIPAA compliant are covered entities and business associates. If these organizations do not abide by all the rules and regulations laid down by HIPAA, they will face penalties that can cost up to $1.5 million per year.
With that out of the way, let’s dive into a recent breach and how HIPAA compliance management software could have helped.
Over 27,000 patients’ PHI exposed
This occurred at Aurora Medical Center in Marinette and was the result of a phishing attack that took place on the very first day of this year (2020). As per the rules, the medical center notified the 27,137 affected individuals whose PHI had been compromised in the attack about the breach.
The hackers had sent out targeted emails to lure the hospital’s employees into thinking that they received legitimate emails from trusted individuals. However, just as with all phishing emails, that was not the case. The employees inadvertently responded to the messages, causing their email credentials to be disclosed and accessed by the impostors.
All this was detected by the healthcare provider on January 9th, 2020, prompting the concerned individuals to reset passwords to mitigate further damage. The incident was later reported to law enforcement.
Afterward, an internal inspection was done to understand the categories of information hackers got their hands on. Following the investigation, it was revealed that the emails belonging to the accounts contained PHI. While no evidence showed the misuse of the disclosed patient data, medical identity theft is not out of the question yet.
A variety of PHI was stolen – names, marital status, DOB, addresses, phone numbers, email addresses, medical record numbers, photographs, and many more.
Improvement of email security is on the cards for Aurora Medical Center, while the employees will be provided with training regarding security and how to identify and report suspicious emails like the ones they received.
HIPAA Compliance Management Software can help
While data breaches cannot be avoided, organizations can avoid violations by simply ensuring HIPAA compliance. Even if there are data breaches, organizations still have to follow the rules and regulations set forth by the Data Breach Notification Rule. Also, as long as organizations follow the rules to a T, they will not face penalties and will be on the safe side.
HIPAAReady is a HIPAA compliance management software that helps simplify and streamline compliance for organizations. It provides digital checklists, policy and procedure customization, incident reporting, and also training management to cater to your HIPAA compliance needs – all with a single application. By using HIPAAReady, ensure that all your employees are on top of the game all the time and make HIPAA compliance easier than ever before.