Network security is more crucial than ever for healthcare providers
This year we witnessed a tragic incident at an Alabama hospital where an infant who was born with severe brain damage died because the hospital was hit with ransomware. While not all ransomware attacks on healthcare institutions result in this kind of tragedy, this incident illustrates just how serious data security for healthcare providers really is.
Download the latest guide to HIPAA ComplianceDownload now
HIPAA’s Security Rule states that covered entities (CA) and business associates (BA) must maintain the confidentiality, integrity, and availability of all protected health information (PHI) and electronic PHI (ePHI) they create, receive, maintain, or transmit. This need is not only dictated by HIPAA laws, but it is necessary to the everyday operations and care that health practices and networks provide.
This leaves healthcare in a tricky spot. They are targeted by hackers not only because their data is valuable on the dark web, but because healthcare institutions are more likely to pay a ransom since they need their computers and equipment to work properly in order to provide essential care for their patients.
While most people are familiar with the Privacy Rule, the Security Rule can seem more difficult and overwhelming. However, the Security Rule is key in helping avoid worst-case scenarios like ransomware and malware which can cost millions of dollars and impact patient care.
HIPAA laws and cybersecurity are not simple. To ensure your institution never has a false sense of security, we created our seventh edition Guide to HIPAA Compliance. The 2022 HIPAA Guide breaks down HIPAA guidelines into actionable steps and easy-to-understand information so that your healthcare staff can be fully educated on data privacy and protection. Our guide to HIPAA compliance contains security analysts’ real-world examples to give organizations a framework to better understand HIPAA and the critical areas where they need help.
Principal Security Analyst Jen Stone (MCIS, CCSFP, CISSP, CISA, QSA) says, “Many healthcare organizations understand the importance of HIPAA. They want to ensure the privacy and security of patient data, but they struggle because the law says what to do, not really how to do it. Our HIPAA Guide helps bridge that gap to give healthcare providers and business associates a way to implement policies, procedures, and security controls in a meaningful, HIPAA-compliant way.”
What’s new in the SecurityMetrics 2022 HIPAA Guide?
HIPAA laws don’t change much from year to year, but auditor insights and perspectives have been updated in the 2022 HIPAA Guide to reflect what they are seeing at healthcare practices. You will also find guidance on:
Cloud security in a HIPAA environment
2021 HIPAA compliance survey data
Cybersecurity best practices from over 20 seasoned security assessors
As well as:
New graphs and diagrams
Improved design focused on usability
Improved "How to Read This Guide" section
Organizations use the 2022 HIPAA Guide to simplify HIPAA guidelines
Health entities use the SecurityMetrics Guide to HIPAA Compliance as a HIPAA training tool, a deskside reference, and an IT team guide.
Here is what our HIPAA Guide users say:
"Thank you for providing the guideline for our business. It is less stressful knowing that I have the correct guide to improve our services to our patients and to protect our business."
Nancy Wiseman, M.Ed., Ed.S., Vice President, Citrus Endodontics, P.A.
"This is the most comprehensive guide on HIPAA I have found."
Crystal Hertz, National Health Foundation
"The HIPAA Guide is one of the best helps/tools/references. It's well organized and easy to understand for our medical office staff and providers."
Hedy Haun, Sr. Process Analyst, Sharp HealthCare
"I loved SecurityMetrics. They have the best resources when it comes to PCI and HIPAA compliance and their customer service is unmatched."
Jennifer MConnell, Owner of E2E Health Solutions, LLC
"SecurityMetrics Guide to HIPAA Compliance is really helpful, very informational and updated."
Jeffrey Delos Reyes, Flow Health Outsourcing, Inc.
New healthcare organization HIPAA survey data
Every year, our HIPAA research team conducts surveys of HIPAA leaders at healthcare organizations to find out where organizations could use support and education.
Our responses this year are from over 600 different healthcare professionals responsible for HIPAA compliance. These survey respondents mostly belong to organizations with less than 500 employees, however, the resulting data is important to organizations of all sizes, because almost all healthcare organizations share patient data with one another.
Here is some of the most notable 2022 HIPAA survey data
40% of respondents train employees annually
54% of respondents provide HIPAA Security Rule training; 53% provide HIPAA Breach Notification Rule training; 60% provide HIPAA Privacy Rule training.
PATIENT DATA SECURITY
31% of respondents encrypt patient data.
83% of respondents delete or destroy sensitive data.
73% of respondents also comply with PCI DSS compliance; 19% comply with GDPR compliance; 12% comply with CCPA compliance; 10% comply with HITRUST requirements.
57% of respondents review their business associate agreement documentation at least annually
26% of respondents don’t have a formal risk management plan.
33% send patient data through unencrypted email services.
FIREWALL BEST PRACTICES
44% of organizations use software firewall(s); 35% use hardware firewall(s); 32% use web application firewall(s).
39% never review their data prevention tool logs.
40% of respondents conduct vulnerability scans.
24% of respondents perform penetration tests.
40% of respondents conduct internal audits at least annually.
26% of respondents don’t have any response plan policies in place.
Download the 2022 Guide to HIPAA Compliance here! For press questions, email pr@securitymetrics.