According to SecurityMetrics’ 2020 HIPAA survey data, organizations are getting better at internal security measures like email security and employee training–with a 38% decrease in practices sending patient data over email and a 8% increase in annual employee training. In other areas, healthcare continues to struggle with HIPAA and patient data security. For example, in 2019, only 58% of health practices conducted formal risk assessments and in 2020, only 40% did so. Security issues in healthcare are further compounded by the significant stresses put on practices and providers due to the COVID-19 crisis.
A major roadblock to protecting patient data for organizations is the complexity of HIPAA–coupled with the fact that it is written as a law and not as a prescriptive standard. To help organizations translate law into action, we created the SecurityMetrics Guide to HIPAA Compliance. In its fifth year of publication, the HIPAA Guide is updated each year to reflect the most up-to-date information, laws, and guidance from the Office of Civil Rights (OCR).
“Many healthcare organizations understand the importance of HIPAA. They want to ensure the privacy and security of patient data, but struggle to know what measures they can take to address the risks to that data” says Principal Security Analyst Jen Stone (MCIS, CCSFP CISSP, CISA, QSA), “Our HIPAA Guide helps give healthcare providers and business associates a way to implement policies, procedures, and security controls in a meaningful, HIPAA-compliant way.”
The 2021 Guide to HIPAA Compliance includes guidance and security auditor insights in the following areas:
- Incident response plans
- PHI encryption
- Business associate agreements
- Mobile device security
- Cloud security
- HIPAA-compliant emails
- Remote access
- Vulnerability scanning
- Penetration testing
Health organizations and practices use the SecurityMetrics HIPAA Guide to stay on track with data security and compliance.
“Thank you for providing the guidelines for our business. It is less stressful knowing that I have the correct guide to improve our services to our patients and to protect our business,” said Nancy Wiseman, M.Ed., Ed.S., Vice President, Citrus Endodontics, P.A..