The Role of HIPAA Compliance in the Protection of Patient Data

Renu Bhaskaran by   11.20.2017   Compliance

2016 was a record year in terms of the number and cost of HIPAA settlements and with 2017 coming to a close soon, not much has changed in this regard.

Due to the nature of the data that healthcare companies store, provider absolutely must be transparent about how they are securing and handling it. This is essentially what HIPAA is all about. Simple, isn’t it? So why are so many companies failing to meet these requirements? Let’s take a deeper look at HIPAA and just what you need to do to stay compliant.

How to stay compliant with HIPAA regulations

Oversight, or brief lapses in vigilence, is all it takes to become the victim of a devastating data breach incident. Ereing on the side of precaution is your best bet when it comes to IT security and compliance.

Here’s how:

Start with employees

Hacking health records can lead to the disclosure of protected information for purposes other than treatments. Regular audits allow you to identify inappropriate accesses as they take place. Keeping a sharp eye on who has access to your data assets enables you to take the necessary steps to protect the private information of your employees.

Encrypting backup data

Data stored in archives as backups is a popular target for hackers. Ensure you are encrypting this data to add another layer of security to your network. Don’t make it easy for hackers to get hold of your electronically protected health information (ePHI).

Know your Business Associates (BAs)

It’s no secret that business associates help to make your business run smoothly. However, trust isn’t a security strategy. Make sure you are maintaining compliance details for these associates to see what they are doing with your critical data. Having appropriate measures in place for BAs ensures the privacy and security of health information.

Perform Regular risk assessments

The ramifications of not efficiently monitoring and managing potential risk areas of an enterprise could be detrimental to the business itself. The most vital step in becoming HIPAA compliant is conducting regular security risk assessments for the covered entities and business associates. This way you can identify and apply suitable security measures and controls to protect the privacy of PHI.

Implement privacy policies

Having defined policies help avoid lawsuits, monetary penalties, bad publicity and harm resulting from privacy breaches. Such polices are tailored to safeguarding the growing volume of electronically protected medical data.

Conducting vulnerability scans

Vulnerability scans can be operated inside or outside of your organization’s firewall to look for potential security holes that outsiders can exploit. Such scans generate a logged summary of alerts you can act upon.

Reality of HIPAA violations

With HIPAA violation fines sky-rocketing up to $50,000 per occurrence, healthcare organizations must ensure that they are HIPAA compliant at all times. St. Luke’s–Roosevelt Hospital Centre, for example, paid $387,200 this year in a HIPAA settlement case.

According to the 2017 Cost of Data Breach Study, it has been found that the costs of data breaches in the healthcare sector are the highest among all other sectors. The penalties for non-compliance range between $100 and $50,000 per violation along with criminal charges.

As per an analysis by Health Information Privacy / Security Alert of data, approximately 174,792,250 have been affected by 1996 HITECH breaches. Around 409 breaches involved Business Associates exposing 31,239,362 information leaving millions of patients vulnerable to serious repercussions.

The following are the most common HIPAA violations:

  • Disclosure of health information by employees
  • Mishandling of medical records
  • Devices containing patient-specific information or health information getting stolen
  • Illegal access to patient files or health files by employees for malicious purposes
  • Improper disposal of records
  • Releasing information to a third party or an unauthorized entity
  • Unprotected storage of critical medical data
  • Unauthorized health information being released without approval
  • Failure to deliver copies of medical records to the patients or users on demand

Preventing HIPAA breaches with LepideAuditor

With a proactive auditing solution like LepideAuditor incorporated into your everyday operations, managing regulatory obligations is no longer a tough task. This solution continuously audits changes made to your electronically protected information, tracks permission changes, monitors user activities and much more. Relax, and let LepideAuditor do the work.


Lepide® is a Registered Trademarks of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All Trademarks Acknowledged.