Hospitals and clinics, health plans, business associates (collectively "covered entities") have the unique challenge of making protected health information (ePHI) available to patients and doctors as needed, including health, billing, and insurance information, at the same time protecting this data from theft and accidental disclosure, while operating, for the most part, in open and heavily trafficked environments, with an IT team that is under-staffed and budget constrained. Additionally, these organizations are strictly regulated and must demonstrate compliance with HIPAA/HITECH/Meaningful Use security requirements.
Illumant's assessment and compliance services assist healthcare organizations in navigating these challenges to become compliant, and (at a very practical level) secure.
Illumant has helped numerous hospitals, clinics, medical practices, and healthcare industry-related companies assess their security posture, improve security, and comply with HIPAA, HITECH and Meaningful Use security requirements.
Summary of Healthcare Industry Requirements
- HIPAA Security Rule Compliance – Document compliance with the required and addressable safeguards defined by the HIPAA Security Rule. HHS audits are on the rise. There are costly penalties associated with non-compliance
- HITECH Act – Establish breach notification protocols to respond to potential security breaches. Of course it is best to avoid a breach as the breach notification process can be costly to deploy and damaging to the entities reputation
- Meaningful Use – Conduct a HIPAA Security Risk Assessment to evaluate the risk posed by threats to confidentiality, integrity and availability of ePHI. Evaluate controls and vulnerabilities, the sensitivity of assets, the likelihood of a breach and potential impact of security threats, and adjust the security program accordingly
- Breach Avoidance – Even after compliance, it is important to evaluate real security. Vulnerability assessment and penetration testing can help to identify and remediate real vulnerabilities that could be potentially exposed to effect a breach. Security assessments are a best practice and every healthcare organization should conduct them regularly
Healthcare Industry Security and Compliance Challenges
- Compliance is burdensome - IT departments are oversubscribed, undermanned, budget-constrained, and uninformed about requirements. Illumant can help reduce the burden of security compliance by bringing proven methodologies and man-power, along with knowledge and expertise to reduce the burden of compliance
- Outside of IT there is little buy-in for security – Illumant’s service extends knowledge, responsibility and accountability to executive and cross-departmental leadership by providing clear reporting and education. This can help drive budget for security initiatives
- Confusion about what is required – Security and compliance requirements are confusing. Through experience assisting other healthcare organizations and wide-ranging security and compliance expertise, Illumant helps provide clarity about what is needed to meet compliance requirements
- Lack of broad responsibility and accountability for security compliance requirements outside of IT – The burden of security compliance is one that should be shared throughout the organization, but often falls solely upon IT. Illumant’s services are designed to educate, inform and distribute responsibility and accountability for security compliance to non-IT, executive and cross-departmental leadership through education, information, and reporting about compliance requirements with respect to