A Brighton, MA hospital recently settled a HIPAA violation complaint for $218,000.
The violation was centered around the hospital allowing employees to use a web-based file-sharing application to store sensitive patient data.
The hospital wasn’t hacked and no data was stolen. This hospital was fined solely because they stored data in a manner that was inconsistent with the basic premises of HIPAA security.
In its most basic form, HIPAA compliance requires that companies that deal with sensitive healthcare data make every reasonable effort to secure their data.
Note the keyword I used – REASONABLE.
This doesn’t mean that your data has to be 100% “un-hackable.” No one can make that guarantee. As long as there are hackers attempting to steal data, your data will be at risk.
The question is: how do you minimize that risk?
Protecting your healthcare data by every reasonable means requires that you understand:
- Where your data is stored.
- The risks associated with storing it “there.”
- How to properly encrypt and transmit your data to and from the storage location.
Knowingly storing and using your data in a location that is not secure and not encrypted is a violation of HIPAA compliance. It is entirely reasonable to expect you to store your data in a location that is encrypted, accessible only to those who require access, and generally accepted by security experts to be secure.
Cloud-based storage can be a huge benefit to businesses that utilize it correctly. Cloud storage can be secure, efficient and HIPAA compliant when set up properly. Many cloud providers will sign a BAA (Business Associate Agreement) ensuring that their storage meets the requirements of HIPAA compliance.
Talk to us about your healthcare IT needs and how you can utilize secure cloud technology to your advantage.
[To read the full story, visit Healthcare Finance News]