Although 2015 is only a little more than half over, this year's Identity Theft Resource Center (ITRC) Data Breach Report reveals that 424 data breaches had already occurred as of July 14. This partial year's breaches have exposed more sensitive customer information than last year's breaches. Now is certainly a prime time for companies to review the security measures they take to avoid becoming victims of data breaches.
The ITRC reports that a vast majority of the breaches that have taken place so far this year occurred in the medical and healthcare field, which is surprising considering that businesses with access to such sensitive information must, by federal law, be HIPAA compliant.
HIPAA requires businesses hosting sensitive information to "maintain reasonable and appropriate administrative, technical, and physical safeguards for protecting e-PHI (Electronic Personal Health Information)."
- Administrative safeguards include training employees on proper procedures for accessing and handling sensitive information and other onsite data access. Business Associate Agreements (BAAs) are also covered under administrative safeguards; they ensure that any third parties who may host protected information do so safely.
- Technical safeguards include encrypting sensitive data, ensuring data is not transmitted over a network, and implementing authentication systems to ensure the right person is accessing sensitive information.
- Physical safeguards are measures such as password-protecting computers containing e-PHI, properly disposing of devices that held patient records, and limiting access to areas housing this data.
Giva is HIPAA compliant and implements each of these safeguards and more with its 7 Key Elements of HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records. With these elements, it is easier than ever to be HIPAA compliant and protect personal health information, preventing disastrous breaches before they happen.