For a long time many, in the security industry felt that HIPAA had no bite. That until there were a few examples of healthcare companies made to pay the piper for HIPAA violations, the entire industry would not toe the line. Well, if that were the case at one point, it is not anymore. Over the last year or so, there has been a pretty steady stream of fines levied for violations of HIPAA regulations resulting in patients' electronic confidential data being breached.
Two of the most recent fines levied were a $400k fine against the University of Idaho as a result of a breach at a series of clinics they operate and a whopping $1.7 million fine against Wellpoint for violations between 2009 and 2010. Both of these cases were a little different than the usual HIPAA case in that they did not deal with a laptop or backup containing patient data being lost. In the case of Wellpoint, they had an online application database that was accessibile with over 600,000 patients' information available. The Idaho case is even more shocking - they inexplicibly shut down a firewall for over 10 months!.
I had a chance to sit down and speak to some experts about these recent cases and the general state of HIPAA compliance. Our conversation is below. It is a little long, at 26 minutes, but I think it is well worth the listen. I am joined in this conversation by my friend Steve Spearman of HIPAA managed services provider Health Security Solutions, Billy Austin, President and co-founder of iScan Online, and Tim Woods, VP of customer technology services at Firemon. All three guests had some great advice on how healthcare providers can better stay on the right side of the HIPAA regulations and avoid being the next organization in the headlines.
Of course, not turning your firewall off is an easy one, but often it is not as black and white in terms of compliance. With more and more medical data being converted into eletronic records, there is greater emphasis on storing this data safely and securely.
Have a listen and if you have any questions or comments please post them and will try to get our panel members to answer. (if you don't see a media player below, please reload the page)