While we all want to trust the people we work with, our experience implementing and managing IT and security services shows that employees go rogue more often than you might expect. Unaccounted-for data and files can be especially damaging in the healthcare field, where HIPAA compliance requires that medical facilities take reasonable measures to protect patient privacy.
This includes the requirement that patients’ electronic personal health information (ePHI) on PCs and mobile devices be protected by encryption. Unfortunately — but perhaps not unexpectedly — not everyone working in the healthcare industry is as respectful as they ought to be when it comes to HIPAA or patient privacy rights.
In the wrong hands, patient data contains enough personal information (Social Security number, birthdate, address, etc.) to enable criminals to perform identity theft and other financial crimes. A company found in violation of HIPAA may face damaging fines that can cripple a business, to say nothing of harmful reputational damage suffered when disclosing to patients that their private information has not been kept safe. It’s the responsibility of healthcare businesses — both to themselves and their patients — to put IT security solutions in place to protect ePHI from threats external and internal.
Please log in or register below to read the full article.