Two years ago, health law attorney Daniel Gottlieb would counsel clients to focus data security efforts on human errors that can cause data breaches, such as leaving a laptop on an airplane or in the back of a car.
Now, he talks of two types of cyber criminals: those engaged in collecting Social Security numbers and other health data for common theft, and those engaged in espionage such as economic crimes and backed by nation states. And he talks of having a breach response plan, now.
More than ever, providers, insurers, clearinghouses and business associates, whether or not covered under the HIPAA security rule, need to regularly conduct a comprehensive risk assessment that covers information technology, physical security, policies and procedures and other factors, Gottlieb says.
Even entities that have diligently done the assessments and used findings to make improvements have a continuous battle on their hands, he adds. "The criminals are smart, you solve one problem and two others pop up. It's like the Whack-a-Mole game."
Cyber attacks happen all the time, even to organizations implementing a rigorous program. That's why it is important to have a breach response plan in place now that includes more frequent system backups, contracts with outside counsel, forensic investigators, and credit/identity protection services, as well as contacts with local police and the local FBI, Gottlieb says.