Guest post by Roman Foeckl, CEO and founder, CoSoSys.
Since HIPAA was enacted in 1996, IT security specialists in the healthcare industry have often been confused by the complex regulations the U.S. government has put in place to carry out the law. Even for experts who were already used to untangling complicated IT security practices, HIPAA regulations have remained a bit of a mystery. What may not be appreciated is that the great work being done by these patient and hardworking industry professionals is setting a new standard for enterprise security that the rest of us can follow.
When we began working on a HIPAA component of our data loss prevention solution, we began to view it as an opportunity rather than an encumbrance. Here are four reasons why:
Addressing the Previously Unaddressed: Thanks to HIPAA, the healthcare industry is now more aware of the need for a strong data security program. For example, who would have thought that protecting healthcare information should include IP addresses or postal addresses? Finding ways to protect this type of data has now become much more critical, and an area of potential risk and huge legal and regulatory costs is now contained. This level of detail and control is something the rest of the industry can learn a great deal from.
Paving the Way: Regulations like HIPAA are essential to protect one of the most private aspects of our lives — information about our health and well-being. This is an opportunity for organizations to position themselves as industry leaders in information security, leaders that view patient privacy protection as absolutely equal with patient health. This level of care will reflect very well on the institution as a whole.
Adding Value: This is an opportunity for all healthcare information security professionals to rise up and demonstrate that patients' most critical data can, and will, be protected. HIPAA came about because many felt that healthcare organizations were being lax and not protecting our most critical and personal data. An organization can be perceived as cutting edge in an area that is understood by the public at large. By having a best-practice obligation to provide patients with industry-leading protection, you are reinforcing your commitment to patient advocacy and care.