The Onakee Group

Regulatory Challenges in Health Care


Entities covered by HIPAA must implement strong data security safeguards in their environments, and in particular, comply with the HIPAA Security Rule to ensure the confidentiality, integrity, and availability of all of the electronic protected health information (ePHI) they create, receive, maintain or transmit. We hear frequently from covered entities and business associates who say they are working hard in an increasingly challenging atmosphere to assure their PHI is adequately protected. We also know from our HIPAA enforcement work that far too frequently entities are leaving PHI vulnerable to breach and access by unauthorized persons. According to a report in USA Today, the healthcare industry has accounted for over 40 percent of data breaches over the last three years, and 91 percent of all health organizations have reported a breach over the last two years.

In addition, Congress, in both the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) and the Cybersecurity Information Sharing Act of 2015 (CISA), called for guidance on implementation of NIST frameworks. Charles Edda & C Bouley work with hospitals and medical teams to help create, receive and maintain standards and good practice measures.

01

Preparing For Healthcare Cybersecurity Threats

Hackers will continue to go after networks, systems, and applications that have been misconfigured or are not maintained properly. Good cyber hygiene will become a common phrase to describe how organizations should approach managing the integrity of the enterprise. Organizations can be expected to look to improve their vulnerability management, increase the frequency of technical testing, add penetration testing, address long overlooked weaknesses in network segmentation and replace/refresh end-of-life platforms.

02

Medical Professional: Staff Training

Successful organizations will be defined not by whether they have or haven’t had a cyber event, but rather by how well they manage the enterprise, are able to detect attackers, efficiently respond to events, and restore operations with minimal compromise or loss of IT assets and disruption.

03

American Hospital Association | Cybersecurity

Hospitals can prepare for and manage such risks by viewing cybersecurity not as a novel issue but as part of the hospital’s existing governance, risk management and business continuity framework. Hospitals also will want to ensure that the approach they adopt remains flexible and resilient to address threats that are likely to be constantly evolving and multi-pronged.
