By Melanie Purkis, Liquid Web
Health Insurance Portability and Accountability Act (HIPAA) compliance is complex and requires adherence to a number of checks in order to keep sensitive data secure. Healthcare organizations and others that deal with sensitive personal data are in a tough spot. Unlike PCI (Payment Card Industry) compliance, there is no certifying body to ensure that relevant organizations remain compliant.
Instead, health organizations must do their best to abide by the requirements set forth without being “certified” as compliant. Unfortunately, this usually means that noncompliance or other vulnerabilities don’t come to light until there is a massive cyberattack or data breach. Considering that healthcare cyber attacks, on average, cost $1.4 million in recovery, organizations should consider both whether they are compliant and whether compliance is really enough.
Tug Of War Between Compliance And True Security
The reality of the modern digital era is that “simple” HIPAA compliance is not enough. Data breaches still happen—and they are on the rise. Relying on HIPAA compliance to cover all of an organization’s security concerns is a fool’s game and can actually weaken cybersecurity defenses.
Simply stated, HIPAA compliance is just meeting the minimum standards for security. It does not guarantee complete protection against cyber attacks and hacks. The healthcare industry has ample room for growth in this area and has been slow to address looming concerns around the lack of robust security tools that accommodate emerging technologies like cloud-based environments, Internet of Things (IoT), and increased device usage.
Taking Security Up A Notch
Rather than focusing solely on HIPAA compliance, healthcare organizations should consider the different areas where security concerns must be addressed.
The application of HIPAA standards varies, due to varying perceptions of what compliance really means. This can place healthcare organizations at risk if they do not complete due diligence across all matters of security. Clarity on compliance is important, but organizations must go beyond basic compliance to secure the entirety of the organization from the rising number of bad actors.
About The Author:
Melanie Purkis is the Product Leader for Liquid Web's Managed Hosting Products & Services, including HIPAA Compliant Solutions. Melanie has 23 years of experience with professional leadership in the IT and web hosting industries.