How do you know if your approach to cybersecurity is the right way? How do you know if you’re protecting your data well enough to meet all of the laws and regulations on the books today?
The answer may surprise you.
The published version of all HIPAA regulations runs well over 100 pages and contains many provisions. There are hundreds of ways you can violate HIPAA. They include things like:
- Unauthorized accessing of PHI
- Failure to conduct a risk analysis
- Failure to implement safeguards to ensure the confidentiality, integrity, and availability of PHI
- Mishandling and mismailing PHI
- Failure to document compliance efforts
Notice each of these does not contain specific verbiage. They are all open to interpretation. They all are vague at best.
But, if you misinterpret the law, you’re at risk of a HIPAA violation.
A large hospital in Miami, Florida, may interpret it differently than a small nursing facility in Vancouver, Washington. A private practice’s approach might be different than a technology company developing a medical app.
And therein lies the problem.
We don’t have generally accepted policies and metrics to give you specific step by step procedures. If you’re in charge, you’re left to translate the meaning and make your own choices about cybersecurity implementation. And if the Council of Economic Advisors report The Cost of Malicious Cyber Activity to the US Economy is any indication, we’re not doing a very good job. They estimated that the cost of malicious cyber activity to the US economy ranged between $57 and $109 billion in 2016. And that number will only rise in the future.
The weakness lies in complacency. It continues to grow in small and medium-sized practices where security teams believe they are too small to be on the radar of cybercriminals. They think no one will focus on gaining hundreds or thousands, when there are bigger places they can have access to millions.
Some form of security is always better than nothing. Choosing one form of protection will always lead to more awareness, which in turn will allow you to beef up security even more.
It also comes from reaching out and asking the right questions.
How do you know if you’re approaching cybersecurity the right way?
If you’re asking that question, you’re off to a good start.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.