Monday, June 11, 2018

The Cost of Healthcare Compliance – Why Firms Neglect It

Healthcare data can be very sensitive information, and one would expect hospitals and other healthcare entities to place great importance on keeping this data safe. So why do so many of them seem to slack off?

Healthcare organizations hold a lot of sensitive data about us, sometimes things that even we don’t know about ourselves. When this data falls into the wrong hands, the consequences can be severe: it gives criminals everything they need to commit fraud and medical identity theft. This is why this sensitive data, known as Protected Health Information (PHI), is covered by a set of strict rules and regulations. In the USA, that set of rules and regulations is called HIPAA.

Every healthcare entity is required to have a healthcare compliance program. Non-compliance can be very costly, with penalties reaching up to $50,000 in the event of a HIPAA breach. Still, a startling number of organizations continue to be non-compliant. There are two main reasons for this.

Lack of resources
Healthcare IT is not known for being well-funded. On the contrary, IT administrators and personnel in the healthcare industry are usually forced to make do with less. Healthcare IT departments are often under-resourced and understaffed.

They don’t know any better
It’s not just improper storage of sensitive healthcare data that violates HIPAA and attracts Medicare investigations. Sometimes healthcare organizations simply don’t realize that a practice is non-compliant. For instance, if the organization uses an email provider, it needs to make sure that the provider is HIPAA compliant.