The vast majority of ePHI breaches result from the loss or theft of mobile devices containing unencrypted data and the transmission of unsecured ePHI across open networks.
Breaches of this nature are easily avoidable if all ePHI is encrypted. Although the current HIPAA regulations do not demand encryption in every circumstance, it is a security measure which should be thoroughly evaluated and addressed. Suitable alternatives should be used if data encryption is not implemented. Data encryption renders stored and transmitted data unreadable and unusable in the event of theft.
Risk assessment and management is a key consideration for HIPAA IT security. One way to help ensure risks are identified and appropriate controls are implemented as part of your HIPAA IT compliance program is to adopt the NIST Cybersecurity Framework. The NIST Cybersecurity Framework will help prevent data breaches, and detect and respond to attacks in a HIPAA compliant manner when attacks do occur.
The Administrative Safeguards are the policies and procedures which bring the Privacy Rule and the Security Rule together. They are the pivotal elements of a HIPAA compliance checklist and require that a Security Officer and a Privacy Officer be assigned to put the measures in place to protect ePHI, while they also govern the conduct of the workforce. Raptor Firewalls can help you reach and maintain HIPAA and other government compliance requirements.