The HIPAA Security Rule:
Yes, It’s Your Problem
An overview for office administrators, receptionists, doctors, and IT professionals
About Us
• SecurityMetrics
– Regulatory security compliance assessments and consulting
– Digital forensics & penetration testing
– Regulatory compliance programs (validation, tracking, training, support)
– Helped over 1 million small to large entities manage security compliance
Scenario
• Office managers/receptionists access Facebook, personal email, etc.
• Accessed on the same computer that holds patient records
• All it takes is a single click on a malicious link and a key logger is installed
• The key logger listens in for any sensitive data
The Looming Problem
“I’m already doing HIPAA.”
“I don’t have the time or budget for this.”
“My affiliates take care of HIPAA.”
The Unfortunate Reality
• A small covered entity’s (SCE’s) merchant processor, EHR vendor, and IT specialists:
– Don’t fulfill HIPAA requirements for a business
– Won’t pay for a compromise
– Don’t suffer brand damage if a business is compromised
• Risk and liability rest entirely upon the SCE
Why Would Anyone Steal From Me?
• “My business isn’t large or important enough for a criminal to steal from!”
• Actually… hackers go after smaller entities because they spend fewer resources on beefing up security
• Criminals steal from entities they know won’t catch them
HIPAA Fines
*U.S. Dept. of Health and Human Services
Privacy vs. Security
• Healthcare entities haven’t separated Security and Privacy regulation, and leave many Security Rule requirements unfulfilled
• Privacy Rule compliance doesn’t extend to the Security Rule
• To be truly HIPAA compliant, you must comply with BOTH aspects.
The HIPAA Privacy Rule
• Federally protects health information and patient rights from unauthorized disclosure
• Written policies and procedures must include safeguards for administration of PHI, electronic health information (ePHI), physical security, etc.
• Implemented in healthcare industry in 1996
• Healthcare entities are well-trained and understand the Privacy Rule
The HIPAA Security Rule
• Requires covered entities, business associates, and subcontractors to protect ePHI
• Implemented 2003-2005
• HITECH Act 2009: increased the legal liability of non-compliance
• Completely separate from Privacy Rule
Security Rule Implementation Examples
• As per HIPAA regulations:
– Passwords must be changed every 90 days
– Substantially different from last password
– Contain 6 characters (min.)
– Can’t use dictionary words, slang, proper names
– Each user must use a different username and password
• As per HIPAA regulations:
– CE must protect electronic networks with WPA2
– WEP must never be used
• Are you implementing these policies?
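One way to check the password rules listed on this slide against real accounts, as an added example that is not part of the original deck. The 0.6 similarity threshold used for "substantially different", the small word list, and the account records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

MAX_AGE_DAYS = 90        # slide: passwords changed every 90 days
MIN_LENGTH = 6           # slide: 6 characters minimum
SIMILARITY_LIMIT = 0.6   # assumption: how "substantially different" is measured
# Constructed word list; a real deployment would load a full dictionary,
# plus slang and proper names, as the slide requires.
WORDLIST = {"password", "summer", "winter", "doctor", "clinic", "patient"}
_AFFIXES = "0123456789!@#$%^&*._-"


def check_new_password(new, previous, wordlist=WORDLIST):
    """Return the slide's rules that a proposed password violates.

    Meant to run at password-change time, when the user has just typed
    both the current and the new password.
    """
    problems = []
    lowered = new.lower()
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    # "Summer2024!" is still a dictionary word with decoration, so compare
    # the password with leading/trailing digits and symbols removed.
    core = lowered.strip(_AFFIXES)
    if lowered in wordlist or core in wordlist:
        problems.append("dictionary_word")
    # Similarity ratio: 1.0 means identical, 0.0 means nothing in common.
    ratio = SequenceMatcher(None, lowered, previous.lower()).ratio()
    if ratio >= SIMILARITY_LIMIT:
        problems.append("too_similar_to_previous")
    return problems


@dataclass
class Account:
    username: str        # login name
    person: str          # staff member who uses this login
    last_changed: date   # date of the last password change


def audit_accounts(accounts, today):
    """Flag passwords older than 90 days and logins used by several people."""
    findings = []
    people_by_login = {}
    for acct in accounts:
        people_by_login.setdefault(acct.username.lower(), set()).add(acct.person)
        if (today - acct.last_changed).days > MAX_AGE_DAYS:
            findings.append((acct.username, acct.person, "password_older_than_90_days"))
    for login, people in sorted(people_by_login.items()):
        if len(people) > 1:
            findings.append((login, ", ".join(sorted(people)), "shared_login"))
    return findings


# Constructed sample data: a front desk login shared by two people.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_ACCOUNTS = [
    Account("frontdesk", "A. Rivera", date(2024, 1, 10)),
    Account("frontdesk", "B. Chen", date(2024, 1, 10)),
    Account("drpatel", "Dr. Patel", date(2024, 5, 1)),
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_TODAY):
        print(finding)
    print(check_new_password("Kx7#vbQ2m10", "Kx7#vbQ2m09"))
```

The shared front desk login is the case the deck's opening scenario describes, and it is the finding an age or length check alone never surfaces.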
Policy vs. Implementation
• It is common to lump HIPAA policies and implementation together
• Healthcare religiously generates Privacy Rule policies, but few implement the principles
• A policy alone doesn’t protect a business from compromise, but through implementation you stand a fair chance against data thieves
Best Practices: Find Help
• Acknowledge that you (or your IT specialist) don’t have the training/time to pursue true HIPAA compliance
• Find a provider to guide you
– Caution: many HIPAA vendors don’t care about policy implementation because it increases their costs. Ensure your provider leads you through policy implementation.
Best Practices: Who’s In Charge?
• Identify who holds the assigned HIPAA Security Rule responsibility
• If you don’t have someone, assign a HIPAA Security ambassador
Best Practices: What’s Your Budget?
• Determine implementation budget:
– Weigh ROI against custom loss estimate
– This will tell you how much a breach would cost your organization.
• Use NIST risk calculation worksheet:
– http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
Best Practices: Record
• Review current policy and procedure documentation
• Take record of which policies you currently implement
• What policies pertain to Privacy and what pertain to Security?
Best Practices: Don’t Assume
• Don’t assume new technology is secure
– “But the package says it's a safe product!”
– “But everyone says it’s invincible to viruses!”
– “But the salesman at the HIPAA trade show says it follows HIPAA standards!”
• You can’t believe what you read in marketing materials, or what people tell you about the security of a product or technology.
• Counsel with your HIPAA advisor to learn how to safely implement new technology
Best Practices: Where Are The Gaps?
• Discover current security gaps
– Get a HIPAA audit
– Easiest, most thorough way to discover gaps
• Take action
– Come up with a plan to remediate gaps
The True Cost
• How expensive is implementation when compared to cost of compromise?
• Are you willing to sacrifice patient trust?
Sound Familiar?
• “If you want a healthy body, you have two choices”
– Diet, exercise, healthy foods now (inexpensive)
– Hospital, surgery, personal trainer later (expensive)
• Identical to HIPAA
• “If you want to be secure, you have two choices”
– Take necessary security precautions now (inexpensive)
– Pay for forensic investigations, auditing, fines later (expensive)
Contact Us
HIPAA Compliance Team
877.364.9183 | hipaa@securitymetrics.com

 
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptxGeriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
Dinesh Danny
 
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
DrMalathiVenketesham
 
Nursing management of patient with peritoneal dialysis
Nursing management of patient with peritoneal dialysisNursing management of patient with peritoneal dialysis
Nursing management of patient with peritoneal dialysis
shivalingatalekar1
 
2nd week of Human development .embryology
2nd week of Human development .embryology2nd week of Human development .embryology
2nd week of Human development .embryology
Mithilesh Chaurasia
 
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.GawadHemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
NephroTube - Dr.Gawad
 
SA Gastro Cure(pancreatic cancer treatment in india).pptx
SA Gastro Cure(pancreatic cancer treatment in india).pptxSA Gastro Cure(pancreatic cancer treatment in india).pptx
SA Gastro Cure(pancreatic cancer treatment in india).pptx
VinothKumar70905
 
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptxPULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
neeti70
 

Recently uploaded (20)

Amygdala Medi-Trivia Quiz (Prelims) | FAQ 2024
Amygdala Medi-Trivia Quiz (Prelims) | FAQ 2024Amygdala Medi-Trivia Quiz (Prelims) | FAQ 2024
Amygdala Medi-Trivia Quiz (Prelims) | FAQ 2024
 
NUTRICONNECT NEWSLETTER 3RD ISSUE 2ND VOLUME.pdf
NUTRICONNECT NEWSLETTER 3RD ISSUE 2ND VOLUME.pdfNUTRICONNECT NEWSLETTER 3RD ISSUE 2ND VOLUME.pdf
NUTRICONNECT NEWSLETTER 3RD ISSUE 2ND VOLUME.pdf
 
Care and Maintenance of Laboratory Equipment in Histotechnology.pptx
Care and Maintenance of Laboratory Equipment in Histotechnology.pptxCare and Maintenance of Laboratory Equipment in Histotechnology.pptx
Care and Maintenance of Laboratory Equipment in Histotechnology.pptx
 
Text Book of Nursing Concepts - Fundamental of Nursing
Text Book of Nursing Concepts - Fundamental of NursingText Book of Nursing Concepts - Fundamental of Nursing
Text Book of Nursing Concepts - Fundamental of Nursing
 
How to Relieve Prostate Congestion- Here are some Effective Strategies.pptx
How to Relieve Prostate Congestion- Here are some Effective Strategies.pptxHow to Relieve Prostate Congestion- Here are some Effective Strategies.pptx
How to Relieve Prostate Congestion- Here are some Effective Strategies.pptx
 
Text Book of Critical Care Nursing ICU NURSING
Text Book of Critical Care Nursing  ICU NURSINGText Book of Critical Care Nursing  ICU NURSING
Text Book of Critical Care Nursing ICU NURSING
 
Veterinary Medicines Manufacturers in India
Veterinary Medicines Manufacturers in IndiaVeterinary Medicines Manufacturers in India
Veterinary Medicines Manufacturers in India
 
Journal club presentation JC 28.5.24 edit.pptx
Journal club presentation JC 28.5.24 edit.pptxJournal club presentation JC 28.5.24 edit.pptx
Journal club presentation JC 28.5.24 edit.pptx
 
Abortion pills for sale in Qatar(+919707208804)Buy Cytotec tablet in Doha
Abortion pills for sale in Qatar(+919707208804)Buy Cytotec tablet in DohaAbortion pills for sale in Qatar(+919707208804)Buy Cytotec tablet in Doha
Abortion pills for sale in Qatar(+919707208804)Buy Cytotec tablet in Doha
 
Why Does Seminal Vesiculitis Causes Jelly-like Sperm.pptx
Why Does Seminal Vesiculitis Causes Jelly-like Sperm.pptxWhy Does Seminal Vesiculitis Causes Jelly-like Sperm.pptx
Why Does Seminal Vesiculitis Causes Jelly-like Sperm.pptx
 
anthelmintic-drugs.pptx pharmacology dep
anthelmintic-drugs.pptx pharmacology depanthelmintic-drugs.pptx pharmacology dep
anthelmintic-drugs.pptx pharmacology dep
 
Perforation.pptx
Perforation.pptxPerforation.pptx
Perforation.pptx
 
Clinical examination of- CRANIAL.- nerves
Clinical examination of- CRANIAL.- nervesClinical examination of- CRANIAL.- nerves
Clinical examination of- CRANIAL.- nerves
 
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptxGeriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
Geriatric radiography.pptx Geriatric radiography.pptxGeriatric radiography.pptx
 
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
KUSTHA PPT .pdf KUSTHA definition, classification, and modern probable correl...
 
Nursing management of patient with peritoneal dialysis
Nursing management of patient with peritoneal dialysisNursing management of patient with peritoneal dialysis
Nursing management of patient with peritoneal dialysis
 
2nd week of Human development .embryology
2nd week of Human development .embryology2nd week of Human development .embryology
2nd week of Human development .embryology
 
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.GawadHemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
Hemodialysis: Chapter 8, Complications During Hemodialysis, Part 3 - Dr.Gawad
 
SA Gastro Cure(pancreatic cancer treatment in india).pptx
SA Gastro Cure(pancreatic cancer treatment in india).pptxSA Gastro Cure(pancreatic cancer treatment in india).pptx
SA Gastro Cure(pancreatic cancer treatment in india).pptx
 
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptxPULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
PULMONARY EMBOLISM AND ITS MANAGEMENT.pptx
 

The HIPAA Security Rule: Yes, It's Your Problem

  • 1. The HIPAA Security Rule: Yes, It’s Your Problem An overview for office administrators, receptionists, doctors, and IT professionals
  • 2. About Us • SecurityMetrics – Regulatory security compliance assessments and consulting – Digital forensics & penetration testing – Regulatory compliance programs (validation, tracking, training, support) – Helped over 1 million small to large entities manage security compliance
  • 3. Scenario • Office managers/receptionists access Facebook, personal email, etc. • Accessed on same computer with patient records • All it takes is for a single click on a malicious link and a key logger is installed • Key logger listens in for any sensitive data
  • 4. The Looming Problem “I’m already doing HIPAA.” “I don’t have the time or budget for this.” “My affiliates take care of HIPAA.”
  • 5. The Unfortunate Reality • Small covered entity (SCE) merchant processor, EHR vendor, IT specialists: – Don’t fulfill HIPAA requirements for a business – Won’t pay for a compromise – Don’t suffer brand damage if a business is compromised • Risk and liability rest entirely upon the SCE
  • 6. Why Would Anyone Steal From Me? • “My business isn’t large or important enough for a criminal to steal from!” • Actually…hackers go after smaller entities because they spend less resources on beefing up security • Criminals steal from entities they know won’t catch them
  • 7. HIPAA Fines *U.S. Dept. of Health and Human Services
  • 8. Privacy vs. Security • Healthcare entities haven’t separated Security/Privacy regulation, and leave many Security Rule regulations unfulfilled • Privacy Rule compliance doesn’t extend to Security Rule • To be truly HIPAA compliant, must comply with BOTH aspects.
  • 9. The HIPAA Privacy Rule • Federally protects health information and patient rights from unauthorized disclosure • Written policy procedures must include safeguards for administration of PHI, electronic health information (ePHI), physical security, etc. • Implemented in healthcare industry in 1996 • Healthcare entities well-trained, understand Privacy Rule
  • 10. The HIPAA Security Rule • Requires covered entities, business associates, subcontractors to protect ePHI • Implemented 2003-2005 • HITECH Act 2009: increased the legal liability of non-compliance • Completely separate from Privacy Rule
  • 11. Security Rule Implementation Examples • As per HIPAA regulations: – Passwords must be changed every 90 days – Substantially different from last password – Contain 6 characters (min.) – Can’t use dictionary words, slang, proper names – Each user must use a different username and password • As per HIPAA regulations: – CE must protect electronic networks with WPA2 – WEP must never be used • Are you implementing these policies?
  • 12. Policy vs. Implementation • Common to conglomerate HIPAA policies and implementation • Healthcare religiously generates Privacy Rule policies, but few implement principles • A policy doesn’t cover business from compromise, but through implementation, you stand a fair chance against data thieves
  • 13. Best Practices: Find Help • Acknowledge you (or IT specialist) don’t have the training/time to pursue true HIPAA compliance • Find a provider to guide you – Caution: many HIPAA vendors don’t care about policy implementation because it increases their costs. Ensure your provider leads you through policy implementation.
  • 14. Best Practices: Who’s In Charge? • Identify who holds the assigned HIPAA Security Rule responsibility • If you don’t have someone, assign a HIPAA Security ambassador
  • 15. Best Practices: What’s Your Budget? • Determine implementation budget: – Weigh ROI against custom loss estimate – This will tell you how much a breach would cost your organization. • Use NIST risk calculation worksheet: – http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
  • 16. Best Practices: Record • Review current policy and procedure documentation • Take record of which policies you currently implement • What policies pertain to Privacy and what pertain to Security?
  • 17. Best Practices: Don’t Assume • Don’t assume new technology is secure – “But the package says it's a safe product!” – “But everyone says it’s invincible to viruses!” – “But the salesman at the HIPAA trade show says it follows HIPAA standards!” • Can’t believe what you read in marketing materials, or what people tell you about the security of a product or technology. • Counsel with your HIPAA advisor to learn how to safely implement new technology
  • 18. Best Practices: Where Are The Gaps? • Discover current security gaps – Get a HIPAA audit – Easiest, most thorough way to discover gaps • Take action – Come up with a plan to remediate gaps
  • 19. The True Cost • How expensive is implementation when compared to cost of compromise? • Are you willing to sacrifice patient trust?
  • 20. Sound Familiar? • “If you want a healthy body, you have two choices” – Diet, exercise, healthy foods now (inexpensive) – Hospital, surgery, personal trainer later (expensive) • Identical to HIPAA • “If you want to be secure, you have two choices” – Take necessary security precautions now (inexpensive) – Pay for forensic investigations, auditing, fines later (expensive)
  • 21. Contact Us HIPAA Compliance Team 877.364.9183 | hipaa@securitymetrics.com
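
The password rules listed on slide 11, turned into checks an office could run at password-change time and over its account list. This is an added example, not part of the original deck; the three-edit similarity threshold, the sample wordlist and the account records are constructed assumptions.

```python
from datetime import date

MIN_LENGTH = 6            # slide 11: at least 6 characters
MAX_AGE_DAYS = 90         # slide 11: change every 90 days
MIN_EDITS = 3             # assumption: the slide gives no number for "substantially different"
WORDLIST = {"password", "doctor", "clinic", "summer", "jessica"}  # constructed sample

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_new_password(new, previous, wordlist=WORDLIST):
    """Run at change time, when the user has just typed both passwords,
    so no old password ever has to be stored in readable form."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too_short")
    if new.lower() in wordlist:
        problems.append("dictionary_word")
    if edit_distance(new.lower(), previous.lower()) < MIN_EDITS:
        problems.append("too_similar_to_previous")
    return problems

def audit_accounts(records, today):
    """records: (person, username, date of last password change)."""
    findings, people = set(), {}
    for person, username, changed in records:
        people.setdefault(username, set()).add(person)
        if (today - changed).days > MAX_AGE_DAYS:
            findings.add((username, "password_older_than_90_days"))
    for username, users in people.items():
        if len(users) > 1:
            findings.add((username, "shared_by_multiple_people"))
    return sorted(findings)

# Constructed sample: two people sharing one front-desk login.
SAMPLE = [
    ("alice", "frontdesk", date(2024, 1, 5)),
    ("bob", "frontdesk", date(2024, 1, 5)),
    ("carol", "carol.rn", date(2024, 5, 20)),
]

if __name__ == "__main__":
    print(check_new_password("Tr4il-Mix8", "Tr4il-Mix7"))
    print(audit_accounts(SAMPLE, date(2024, 6, 1)))
```

A shared login such as the constructed `frontdesk` account fails the "each user must use a different username and password" rule even when its password is fresh, which is why the audit reports it separately from password age.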

Editor's Notes

  1. Comment from Bill: The message on the image seems very condescending to doctors. Am I reading that wrong?