By Ben Scully, president, Avatara.
Changes in healthcare privacy laws will have significant consequences for medical practices. This summer, the National Institute of Standards and Technology (NIST) released a draft of its HIPAA Security Rule guidance, the first update since the guidance’s original landmark issuance in 2008.
It’s sorely needed.
According to a ClearDATA report on the state of cloud security in healthcare providers in 2022, there is a significant disparity in how healthcare leaders assess their organizations’ cloud-based cybersecurity health. Many healthcare providers mistakenly believe their cloud infrastructure is safe and secure when they actually fall well short of the minimum threshold for proper protection against an increasingly risky landscape.
So it’s unsurprising that 2021 saw healthcare organizations weathering the most data breaches since 2009. But with clear instructions and accountability from technology providers, healthcare organizations can protect themselves against cyberattacks.
The Responsibility of Each Healthcare Organization
Guidelines from the federal government are meaningless without careful compliance from each healthcare organization. It’s critical that you review how noncompliance can negatively affect an organization.
Because healthcare organizations may not be fined or directly punished, the potential fallout of noncompliance is easy to underestimate. But threats are everywhere, and a cyberattack is likely. If you are not proactive, you will eventually leave yourself open to a breach — and that attack can come with dire financial consequences.
Organizations that remain vigilant, proactive, and in line with NIST’s updated HIPAA guidelines can lessen their vulnerability to cyberattacks. It requires an expenditure of resources, sure, but that cost should be seen as a critical investment in your organization’s viability and the privacy of your patient data.