Virtual Private Networks (VPNs) were already popular amongst numerous organizations and sectors before the pandemic. Now, with remote and hybrid work so widespread, companies need to be even more conscious of the way they allow employees and contractors to access files and internal systems. You may ask, "Do VPNs really work?" Continue reading to find out.
The onset of the COVID-19 pandemic has driven the healthcare industry through several simultaneous changes and challenges. Record patient levels, hospital staff shortages, remote work, and HIPAA exemptions have all made appearances at one point or another. Healthcare organization CEOs and other management figures have dealt with many of these situations on the fly, without much warning. As we progress through 2022 and beyond, what should the industry expect from a change perspective? Continue reading to find out how you can stay ahead of the curve!
The healthcare industry is subject to many types of existing and new cybersecurity threats. With technology constantly developing and information considered to be highly valuable, cyber criminals see this industry as a gold mine of sorts. Crime can also occur internally, with employees playing the part of "bad actor."
With advancements in technology, individuals can now be more involved in their healthcare than ever before. Whether it is pulling results, requesting appointments, or transferring records, the way healthcare data is stored and shared has changed. This practice, often referred to as a right of access, allows for on-demand, real-time access to personal health information (PHI) on the part of a patient, once requested and received.
In April 2021, Colonial Pipeline, representing critical regional gas supply and fuel infrastructure, was severely disrupted by a ransomware attack. The company's billing and business infrastructure were targeted, resulting in a $4.4 million ransom payment in bitcoin. The ripple effects of the attack caused panic buying and gas shortages in many states along the East Coast of the United States, not to mention dangerous chaos among residents. This all may have been avoided if the firm had adequate or stronger cybersecurity measures in place. This example, among many others, serves as a reminder that no one organization or person is safe from a potential cyber-attack. Oftentimes the best defense is being well-prepared for the inevitable.
Nowadays, more than ever before, we are reminded to stay on top of our hygiene. Whether it is frequently washing our hands, sanitizing workstations, or keeping our distance from others, regular practice is key to preventing illness.
As we develop routines to keep ourselves physically clean, it is important to ensure that we also do not neglect the regular protocols that our technology demands. Counting computers, mobile phones, and everything in between, there were approximately 11.3 billion connected devices worldwide in 2021. This number is forecast to grow to 27.1 billion by 2025. These very devices are often home to our most sensitive data. Keeping these items safe from hackers, viruses, and malfunctions requires regular upkeep. With this in mind, we have a few important considerations for building out a new or stronger "immune" system for your cybersecurity hygiene plan.
Sometimes, information not intended to be public knowledge is inadvertently shared with others. Just as easily as it can happen in a casual conversation with a friend, it can also happen in the workplace. So, what is an incidental disclosure? The incidental disclosure definition, according to the U.S. Department of Health and Human Services (HHS), is a "disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a result of another use or disclosure that is permitted by the Rule." What happens when there is an incidental disclosure in a healthcare setting? There is not a clear-cut answer. It simply depends on the magnitude of the situation. In general, healthcare settings are fluid environments. That means that a patient overhearing another patient's diagnosis or a visitor catching a glimpse of a screen with some personal health information (PHI) is not commonly grounds for a HIPAA violation.
Organizations in the healthcare field will be familiar with HIPAA, formally known as the Health Insurance Portability and Accountability Act. Signed into law in 1996, it sets a national standard for protecting personal health information (PHI). It ensures that patients know how their information is stored and shared through consultation and consent. According to the HIPAA Journal, in the twelve months leading up to October 2021, there were 655 reported data breaches that contained 500 or more records across the country. Of those 655, 546 occurred in 2021 alone. There is room for improvement in protecting sensitive PHI, especially when dealing with large databases.
Global pandemics like COVID-19 are unprecedented situations, which call for unprecedented action. This mantra is especially true in the field of healthcare, where in early 2020, operations shifted to predominantly virtual care. This action was initiated to keep people apart and to prevent the further spread of a virus we knew so little about.
The Ultimate List of HIPAA-Compliant Software Platforms for Hospitals, Clinics & Healthcare Entities
With the development of many software applications and web-based platforms, it is now easy to access healthcare facilities and information electronically. Gone are the days when patients had to wait a long time just to get an appointment. Now it takes only minutes to get an appointment, purchase insurance, or access health reports and other data online.
But with the development of new and sophisticated technology, these software apps and web-based platforms face security threats along the way. Because of these security threats, there is a need to implement rules and regulations to make sure that the technology is not misused. The Health Insurance Portability and Accountability Act (HIPAA), introduced in 1996, is a standard created to ensure that the privacy and health details of the patient are safe at all times and are not disclosed to anyone without the consent of the patient.