Healthcare Technology Featured Article

June 10, 2014

Netwirx's Strategy to Avoid HIPAA Compliance Violations


The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules were established to ensure the healthcare industry covered entities, business associates and protect the information of their customers. The slightest violation will bring the wrath of the Department of Human and Health Services (DHSS) with fines that can start at $100 and go into the millions, and if need be even imprisonment. A recent example of this exercise was the fine levied against the New York Presbyterian Hospital and Columbia University for $4.8 million, because they potentially failed to protect patient information on their network.

The Netwirx strategy to meet HIPAA compliance is to adopt best practices to secure and protect patient information. While it might sound simplistic, all you have to do is look at the millions of dollars organizations with very smart people had to pay to see simplicity has eluded them.

The HIPAA regulations cover a wide range of organizations, and it is essential for everyone that has to comply by these rules to remain vigilant at all times. Netwirx recommends following the five steps it has outlined with unwavering adherence, because policies work only when they are applied as designed.

1 – Establish policies across the entire IT infrastructure and ensure they are followed with strict governance.

2 – Enact controls to verify the policies that have been put in place work with an auditing solution that validates the policies are working as well as having an alert and report mechanism when they are being violated.

3 – Ensure your visibility is deep, with an auditing solution that provides complete visibility of the entire IT infrastructure with reports that can be submitted to auditors, because if your compliance cannot be substantiated by audit reports, all your efforts will be in vain.

4 – Have a proactive culture in the organization by implementing automated change auditing solutions so new additions or removals can be detected and evaluated properly ASAP.  

5 – Always be ready for new amendments in HIPAA because the law is designed to evolve as new technology and security threats are discovered. An automated compliance auditing solution can alert an organization when the changes take place and they are enacted.

"One of the main purposes of compliance regulations is the prevention of breaches and violations; and as a new breach occurs, authorities gather to investigate the root causes and possible prevention mechanisms. With each new, highly visible violation, we can expect compliance requirements to become stricter and compliance audits to be more thorough," said Michael Fimin, CEO of Netwrix.

The DHHS breaks down the fines and charges it levies to violators into two major categories, "Reasonable Cause" and "Willful Neglect". Both violations can exact up to $50,000 per incident, but Willful Neglect can result in criminal charges with possible jail times. With all the technology available for healthcare organizations as well as their covered entities and business associates, there is no need to even reach to this point. As the Netwirx CEO said, "By employing simple steps to assure automated change and compliance auditing, organizations can safeguard themselves from the threat of devastating violations and penalties."




Edited by Maurice Nagle






FREE eNewsletter

Click here to receive your targeted Healthcare Technology Community eNewsletter.
[Subscribe Now]