HIPAA compliant file sharing consists of more than selecting the right technology to ensure the security, integrity and confidentiality of PHI at rest or in transit. Indeed, you could implement the most HIPAA compliant file sharing technology available and still be some way short of achieving HIPAA compliance.
It isn’t the technology that is at fault. Many Covered Entities and Business Associates fail to configure the technology correctly or train employees how to use the technology in compliance with HIPAA. According to a recent IBM X-Force Threat Intelligence Report, 46% of data breaches in the healthcare industry are due to “inadvertent actors”.
Of the remaining 54% of data breaches in the healthcare industry, 29% are due to “outsiders”, while the remaining 25% are the work of “malicious insiders”. Therefore, if a Covered Entity implements HIPAA compliant file sharing technology, but fails to configure it correctly, train employees how to use it compliantly, or introduce mechanisms to monitor access to PHI, it may only be 29% of the way towards achieving HIPAA compliance.
Understanding the Risks to PHI when Sharing Data
In order to fully understand the risks to PHI when sharing data, it is important to conduct a thorough risk assessment detailing how PHI is created, used, stored and shared – and what happens to the data once it has been shared. When the risk assessment is complete, it is important to conduct a risk analysis to identify vulnerabilities and weaknesses that could result in the unauthorized disclosure of PHI.
Part of the risk analysis should concern what happens to data shared with Business Associates. Business Associates should conduct their own risk assessments and risk analyses, and it is a HIPAA Security Officer’s responsibility to conduct due diligence on any Business Associate data is shared with, in order to ensure that their file sharing procedures are also HIPAA compliant.
HIPAA Compliant File Sharing Exists Outside the Cloud
Most articles relating to file sharing and HIPAA compliance focus on the technology available to share data securely in the cloud. Although these articles provide valuable information about one specific area of sharing data, they don’t address the subject of HIPAA compliant file sharing in its entirety – for example, when data is shared within a private network or in physical format.
As well as evaluating cloud-based technology for HIPAA compliant file sharing, HIPAA Security Officers should also consider access controls to data and folders stored on private networks and access logs to monitor when PHI is accessed – both online and in physical format. Done effectively, this should help prevent the #1 cause of HIPAA security breaches – employee snooping.
Explaining File Sharing and HIPAA Compliance to Employees
Employee snooping – viewing the healthcare information of family, friends, colleagues or personalities without authorization – may not lead to headline data breaches, but it is a HIPAA violation – and a common one at that. However, without being told it is a violation, many employees would consider snooping no more than a misdemeanor with inquisitive intent.
Explaining that snooping is a HIPAA violation punishable by sanctions is a good foundation for explaining file sharing and HIPAA compliance to employees. It will help them better understand the seriousness of unauthorized disclosures of PHI and make them more careful about taking shortcuts “to get the job done” – a leading cause of data breaches in the healthcare industry due to “inadvertent actors”.
Train, Monitor, Sanction when Necessary, then Review
Whenever new HIPAA-related technology is introduced or working practices are changed, it is important that employees are provided with adequate training on the new technology or working practices. By using employee HIPAA training sessions to reinforce the message about file sharing and HIPAA compliance, the message will be better absorbed.
If the Covered Entity is able to support employee training with mechanisms to monitor access to PHI, and the enforcement of sanctions when necessary, the likelihood is that “malicious insiders” will think twice before attempting to access PHI without authorization. Thereafter, HIPAA Security Officers should review policies and procedures to assess whether any further changes need to be made in order to ensure HIPAA compliant file sharing.
Achieving HIPAA Compliant File Sharing In and Outside the Cloud