Healthcare cybersecurity: How to prevent the compromise of patient records? (Security News, September 2021)
The 616 data breaches reported this past year to the US Department of Health & Human Services have resulted in the exposure or compromise of 28,756,445 healthcare records.
"The effects of Covid-19, including hospitals at capacity and employee strain, have left the healthcare industry especially vulnerable. Some of the biggest threats to PHI include phishing and ransomware attacks, but also human error, a lag in network security, and blind spots in email encryption."
Protecting PHI. In the US, the use of protected health information is governed by the HIPAA Privacy Rule, which allows covered entities and their business associates to use and disclose PHI without a patient's consent if it's for treatment and payment for care and, depending on who created the information, healthcare operations.
The responsibility for keeping PHI and other patient information secure lies with those who have it "in hand," so to speak.
"If the healthcare provider has PHI in digital or physical form, it must take all reasonable efforts to keep it secure, including encryption for electronic PHI. The provider is also responsible for securely giving the PHI to the patient upon request," Kuwahara explains.
"While HIPAA does not have a private cause of action, patients can pursue legal action against a healthcare organization for violations of state laws. That said, patients must be able to prove harm or damage caused as a result of the theft or negligence of PHI," Kuwahara concluded.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/0XWfarwriug/