HIPAA Compliance Highlighted at Government Conference

Sep 24, 2014

The main focus of the 7th annual conference, Safeguarding Health Information: Building Assurance Through HIPAA Security, held this month in Washington D.C., was to highlight the current state of health information management and to explore the use of information technology in healthcare while ensuring Health Insurance Portability and Accountability Act (HIPAA) compliance.

Practical advice and strategies were also presented at the conference – co-hosted by the National Institute of Standards and Technology (NIST), the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS) – to streamline implementation of the HIPAA Security Rule.

The HIPAA Security Rule was established to set a standard to ensure the privacy and confidentiality of patients’ health information. Healthcare organizations and other HIPAA covered bodies are required to put in place appropriate safeguards to protect electronic health information during storage and transit. Proper technical, administrative and physical safeguards must be used to stop unauthorized access to patient health data.

Conference sessions covered topics including security management, how to improve cybersecurity, risk management and strategies for responding to data breaches. Sessions were focused on the healthcare industry, and the issues currently being faced by organizations trying to ensure HIPAA compliance were examined. Updates were provided on the Omnibus HIPAA/HITECH Final Rule, along with advice on data breach management and on how to secure mobile devices to ensure HIPAA compliance.

Best Practices to Enhance Cyber Security in Healthcare

The conference focused on practical actions organizations can take to improve cybersecurity and ensure compliance with existing legislation.

Risk Assessment and Management

In order to ensure HIPAA compliance and stop unauthorized access to Protected Health Information (PHI), a thorough data security risk assessment must be completed. Effective strategies can then be put in place to manage and minimize any data security risks which are found. A recent audit by the Office for Civil Rights revealed that two thirds of organizations had not completed an adequate risk analysis, a requirement of the Security Rule. Without a thorough assessment it is not possible to apply all appropriate measures to safeguard PHI.

Heightened Security Threat in Healthcare Demands Data Encryption

Secure storage and hosting of healthcare data is vital to stop unlawful access and theft. Throughout the conference, panelists highlighted the importance of implementing appropriate cybersecurity controls, which should now extend to data encryption due to the high risk of data theft. Data encryption ensures that, in the event of an attack, data cannot be seen by unauthorized individuals. Data breaches may not be stopped, but the damage caused can be lessened.

Mobile Devices must be Secured

The OCR stressed the requirement for mobile devices to be secured, as 60% of all reported data breaches involving 500 or more people were due to the loss of laptop computers, tablets, smartphones and other media containing unencrypted data. Data encryption services for mobiles and laptops could minimize the number of data breaches which are happening on an almost daily basis.

Data Breach Management

Due to the sophisticated nature of cybersecurity attacks, the OCR acknowledged that data breaches are not always preventable and plans must therefore be developed to enable organizations to react to a data breach. Action must be taken quickly to limit any loss and damage caused. It was also made clear that should organizations not take appropriate measures to keep PHI secure, they face heavy penalties. The OCR will be carrying out audits to ensure HIPAA compliance, and panelists emphasized the importance of keeping detailed records on all compliance efforts to avoid a full-scale compliance review. It also recommended completing frequent risk assessments to ensure continued HIPAA compliance.

Effective Compliance Training is Vitally Important

All but one of the 59 companies audited by the OCR that had negative findings were thought to have suffered from inadequate training on HIPAA compliance. It highlighted that the only way to ensure full compliance was to provide training to all staff members on the importance of data security and to effectively relay compliance policies and procedures. In order for that to be possible, those conducting the training must fully understand all current regulations and their implications for their organization.


Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelor's degree is from the University of Limerick and his master's degree in journalism is from Dublin City University.
