By Tim Mullahy
Liberty Center One
Given how sensitive healthcare data can be, you’d expect hospitals and similar organizations to place the utmost importance on keeping it safe. So why does it seem like so many slack off?
Healthcare organizations know a lot about us, sometimes more than we know about ourselves. And when that information falls into the wrong hands, it can be devastating – it gives a criminal everything they need to commit medical identity theft. Not surprisingly, there are some pretty strict rules and regulations around the protection of that data, known as Protected Health Information (PHI).
In the United States, that set of guidelines is known as HIPAA. Similar rules exist in Australia, the United Kingdom, and the European Union. The one thing they all have in common, aside from the data they protect?
A startling number of businesses – healthcare organizations and otherwise – are noncompliant.
That can be costly. In addition to opening up an organization to penalties of up to $50,000 per compromised record in the event of a breach (under HIPAA), failure to adequately protect healthcare data can also lead to even costlier lawsuits. And that’s without even accounting for the reputational damage.
In short, HIPAA compliance is in the best interest of every organization that works with health data, even tangentially. So why do so many businesses neglect it? In my experience, there are two overarching reasons.