Healthcare organizations transmit and store huge amounts of sensitive information, but health data continues to leak out accidentally, or as a result of cyberattacks, at an alarming rate.
In the United States, enforcement of the law known as the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is intended to safeguard the confidentiality of protected health information (PHI). HIPAA was updated in 2009 under the HITECH Act, which focused on penalties and rules around disclosure in the event of a PHI breach.
The consequences of a PHI breach can be severe for impacted organizations. If a breach occurs and the data is not encrypted, organizations may be required to notify all individuals concerned, and may incur fines that can exceed $1 million.
If you’re a US-based healthcare organization concerned about HIPAA compliance, we can help. Use our HIPAA compliance check tool to answer six questions that help you identify where you need to improve your data security. It only takes a minute and you don’t have to sign up – it’s free!
The HIPAA compliance check tool covers the key areas relating to PHI security in the HIPAA/HITECH Acts. We’re offering this tool to help companies identify areas of non-compliance. However, this check is not an exhaustive review of all elements of the acts, nor is it legal advice.
Encryption as a defense against data loss
A weak state of data security jeopardizes patient identity and data privacy. Encrypting your data is an important and effective way to mitigate risk, but many organizations are not making extensive use of encryption, according to the results of a Sophos survey on the state of encryption today.
We found that only 31% of healthcare organizations use encryption extensively, 49% use encryption some of the time, and 20% don’t use encryption at all.
Encryption is the last line of defense against data loss, making your data unreadable in the event of unauthorized access.
A complete security strategy includes encrypting sensitive data, preventing cyberthreats, and securing users and all their devices.
How Sophos can help
Sophos provides a number of tools that can help with your HIPAA security compliance program.
We offer a complete range of Next-Gen Enduser Protection solutions: encryption that helps to keep your data secure wherever it goes; endpoint protection that is designed to stop hackers from taking control of your computers; and mobile protection that helps keep the PHI on tablets and smartphones safe.
As you consider your compliance needs and options, we’ve also put together a solution brief explaining how to choose an encryption solution that is flexible, scalable and easy to deploy and use.
And don’t forget to try out our compliance check for more information on how to stay HIPAA healthy.
Alex (UK Based)
Hi John,
It's great to see more people talking about how sensitive the data in the health care industry is. I’ve been in IT/health care for over 10 years now and you wouldn’t believe the things I’ve been when it comes to medical data storage. Absolutely terrifying.
Keep up the good work.
Alex