Cyber Risks Threaten Health Care Industry

Although health care companies have historically taken pains to protect patient information, including following privacy and security regulations, this is not always enough to keep this information safe from cyber threats. Fortunately, there are some steps physician groups and other health care companies can take to protect themselves.

For nearly 20 years, health care groups have had to comply with the 1996 Health Insurance Portability and Accountability Act, designed to protect individuals from the public broadcast of private health information. Although this law certainly addresses the importance of protecting this information and delivers a mandate to physician groups to take steps to keep it safe, it has not been updated to ensure protection against cyber threats. Information security experts estimate that cyber-security threats evolve nearly every 30 days. Not only does the law not respond to these threats, it could not be updated and passed quickly enough to keep pace with them. This is why it is so important for health care groups to take their own measures to protect the security of their patients.

Health care companies would be well served to consider implementing security practices formerly reserved for the banking industry, which has long faced security threats. These measures include techniques such as multi-vector authentication and encryption of data.

Some health care practices have even gone the extra step of hiring technology executives whose job it is to protect the security of patient health and financial information. Although no regulations require these steps, patients who have experienced a breach may nonetheless sue the practice, opening physician groups up to high costs. By taking a risk-based approach, practices can get ahead of the threats and ensure greater protection for their patients and their practice.

If your New Jersey, New York, or Pennsylvania medical practice is facing litigation due to a breach in patient information security, speak with a dedicated health law attorney at Buttaci Leardi & Werner, LLC.
