While covered entities work toward HIPAA compliance, they still may find themselves vulnerable to healthcare data breaches.
The fact that HIPAA compliance isn’t bulletproof – that cybersecurity frameworks around health information require a new level of vigilance – is now axiomatic.
Perhaps owing to whatever legislative sausage-making gave birth to HIPAA, to protect the privacy and security of protected health information, the law offers no guidance on how to follow it.
Third parties have stepped in to assist the technology community, primarily with formulation of the HIPAA HITECH audit, and passing that rigorous test has become the bare minimum for any vendor doing business in the HIPAA space.
Still, 73 percent of U.S. healthcare organizations reported a rise in cybersecurity incidents related to third-party vendors, with 49 percent saying a data breach occurred because of an outside vendor, according to a survey.