For hospitals and health systems today, it’s not a matter of WILL my organization get targeted by hackers but WHEN. Nearly 90 percent of healthcare organizations surveyed by the Ponemon Institute for its Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data experienced a data breach in the past two years, and nearly half (45 percent), had more than five data breaches in the same time period.1
If you are a healthcare organization, you need to prepare for responding to a hack. This preparation should include the following:
1. a description of your incident response process including responsible parties
2. a description of your incident analysis and risk assessment process
3. identification of notification requirements
4. a post-incident analysis and corrective action plan
Just because healthcare data hacking is on the rise doesn’t mean you should just sit back and wait for it to happen to your organization. Be proactive with your data security – audit yourself to uncover areas of vulnerability, determine what data sources are sensitive/valuable, and start with the basics – such as improving the strength of passwords – and work from there toward greater security measures to protect your patients.
Read this case study to learn how Eskenazi Health, a 315-bed hospital in Indianapolis, has improved compliance with the HIPAA Final Omnibus Rule and become better prepared for an OCR audit.