Until recently, the healthcare industry has been up in arms over whether ransomware infections should be considered reportable breaches of the Health Insurance Portability and Accountability Act (HIPAA). Now, more clarity is available, and healthcare organizations’ responsibility is more certain.

HHS’s guidance has made it clear that healthcare organizations should be prepared for ransomware incidents. Hospitals that employ encryption or de-identification of their data at rest, build security architectures based on next-generation firewalls, deploy advanced endpoint protection, and test their backups periodically are better positioned to protect patient data, and hence are much less likely to be required to disclose a breach because of a ransomware incident.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access