“Cyber attacks only happen to other people.” This common but mistaken belief among practice administrators has lured many into a false sense of security when it comes to their risk of exposure. Whether you are a small office with low visibility in the online world or a major international conglomerate, all healthcare providers and their staff need to be aware of the vulnerabilities of patient information online.
According to the Health and Human Services’ Office for Civil Rights, more than 95,000 healthcare records were exposed or stolen just in June of this year. Sound like a lot of records? Believe it or not, June was a good month. In May, far more medical records were breached. All of the numbers are not in yet, but experts estimate that approximately 11 million healthcare records have been exposed or breached since the first of the year. These records have been compromised in dozens of different incidents all around the country.
These cyber threats coincide with increased government enforcement of HIPAA. The Office of Civil Rights recently began phase II of its HIPAA audit program, which includes desk and onsite audits. In addition, state attorney generals are now more actively enforcing issues related patient privacy.
One of your practice’s best defenses against HIPAA compliance problems is education. Pursuant to federal law, your staff must be trained periodically on patient privacy issues. With regulations updated annually, it is best practice to train your staff annually as well. Training should involve traditional patient privacy issues and cyber hygiene. Because so much of the practice of medicine now involves electronic information, your staff needs to be trained on how to carefully handle it.
Keeping your staff up-to-date on patient privacy training will send the message that this topic is mission-critical to your practice. While there are certainly other components to HIPAA compliance, proper staff training is a great place to begin and a critical component to your overall compliance strategy.
Looking for a cost-effective way to deliver HIPAA training to your organization? Learn more about Availity Learning Center’s on-demand HIPAA training courses.