
Who has to be cybersecurity compliant with HIPAA?
The list also includes Physical Therapy Care, Home Health Services, Hospice Care, Rehabilitation Centers, Health Care Providers, Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing homes, Pharmacies, Health Plan, Health Insurance Companies, HMOs, Company health plans, Government-provided health care plans, Health Care Clearinghouses, entities that process healthcare data from another entity into a standard form.
Don’t get caught in a HIPAA data breach
Many small businesses in the healthcare industry have to be HIPAA compliant and do not even realize it, or are unable to afford the high prices most corporations charge to help them become compliant. What is worse is that much of the information they give you is provided by the government for FREE.
You started your healthcare business to help people, not to get wrapped up in IT work and government regulations. Let us handle that for you so you can get back to doing what you love: helping people and running your business!
We give you the best protection for your patient files containing personally identifiable information, medical information, and all other confidential information you need to keep secure in case of a cyber breach or data loss.
HIPAA Statistics
In 2020 over 600 small healthcare businesses were hacked and experienced data breaches of an average of 3,900 records each.
In 2020 Human Error caused 143 data breaches compromising over 750,000 patient records.
In 202 Improper Disposal of Records caused 16 data breaches and exposed 600,000 patient files.
In 202 business associates of small healthcare businesses were responsible for 73 data breaches.
In 2020 the average HIPAA penalty was $713,500, paid by small healthcare business owners. The smallest fines were $70,000.
From: https://www.hipaajournal.com/healthcare-data-breach-statistics
How is my medical-related business vulnerable to cyber-attacks?
Healthcare records on the dark web sell for as much as $1,000 per individual record, or 2.5 times the average across industries, according to the Ponemon Institute.
88% of all ransomware attacks were centered on the healthcare industry.
Over 50% of the breaches come from people within the organization, i.e. human error.
The healthcare sector has one of the lowest rates of data encryption, with just 31% reporting that they use encryption extensively and 20% reporting that they do not use it at all.
Our consultants at Cybersecurity4biz will help you navigate the complex regulations to see exactly what you are required to do for your unique situation and provide you with a low-cost solution.
HIPAA Penalties
HIPAA penalties do distinguish degrees of “not knowing.” However, a hefty fine will still be assessed. Can your company deal with even a $50,000 (per violation) hit to the pocketbook? This chart shows the breakdown of potential penalties.
If you are NIST CSF compliant you can claim “Safe Harbor” and be exempt from the fines!
I didn’t know
Claiming “I didn’t know” as a defense feels like it should automatically make you innocent (after all, you didn’t intend it, right?). The fact is, if you handle protected health information (PHI) on behalf of others, the law says you are responsible for knowing the rules and for ensuring that you abide by them.
The minimum fine for “I didn’t know” is $50,000.