CED-2 - Cyber Liability HIPAA and Confidentiality Part 2

Network security breaches wreak havoc on healthcare providers. Electronic health records (EHRs) can be encrypted and made useless by hackers who often demand a ransom in exchange for their encryption key. And sensitive data can be sold all over the world. For a healthcare provider to remain compliant with the guidelines and requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA), it must safeguard its patients’ protected health information ("PHI"). While EHRs contain sensitive patient information out of necessity, healthcare data now stretches far beyond EHRs into the realm of data analytics. This shared data requires strict compliance with HIPAA’s Privacy Rule, which states that identifying information must be either removed from shared data or de-identified (made anonymous or encrypted). Because of heavy penalties incurred by HIPAA violations, many healthcare providers expend much of their resources on simply meeting HIPAA’s Privacy Rule while neglecting to execute further cybersecurity measures. In a world of computers and networks, sensitive PHI must be protected against the unwelcome eyes of hackers, identity thieves, spammers, and others.