Date: 9/13/2017
Article type: Insights

5 Common HIPAA Compliance Pitfalls For Healthcare Orgs To Avoid

by Jessica Davis

Healthcare attorney Matthew Fisher on how providers can work toward better compliance policies and avoid common mistakes.

For a healthcare organization to be HIPAA compliant, it needs to ensure the right patient controls and rights are in place when it comes to protected health information. But in an age where cyber threats are growing in both sophistication and proliferation, compliance takes on an added level of complexity.

HIPAA was established before these cyber threats became such an issue, which can cause some challenges with trying to keep up, said Matt Fisher, partner with Mirick O’Connell, in opening the HIPAA compliance session at the Healthcare Security Forum on Monday.

“The best thing an organization can do is try to stay ahead of the issues,” Fisher said. “As soon as you identify issues that could turn into problems, you have to seek help. And don’t try to do it alone.”

In fact, it’s cheaper to take care of issues up front than to try to fix them after an incident has occurred, explained Fisher. Some of Fisher’s clients have attempted this route, but the thought process is flawed due to healthcare’s “particular issues and nuances that can cause an organization to foul up.”

For Fisher, there are five large challenges when it comes to ensuring HIPAA compliance.

Firstly, many healthcare providers make the mistake of assuming general insurance is enough to cover cyber incidents. But Fisher said that’s simply not the case.

“Your coverage is based on the premium you pay. When you have general coverage, it’s meant for the other areas of your organization,” said Fisher. “Cyberattacks are also a near-certainty at this point, and the insurance company will only make a profit by holding onto money.”

Read full article on HealthCareITNews.