Whose Job Is It? Navigating Compliance, OCR Enforcement, and the PHI Risk Threat Landscape
7 lessons learned from the 2016 Resolution Agreements and how bridging the gaps between Privacy, Security and Compliance can mitigate organizational risk and improve your compliance posture.
The year 2016 was record-breaking—but not in a good way. In 2016, OCR enforcement activity resulted in more cumulative settlements than in any previous year. The year’s many multimillion-dollar fines served notice: Healthcare organizations must exercise extreme vigilance in assuring and maintaining HIPAA compliance.
According to the Verizon 2016 Data Breach Investigations Report, nearly three-fourths of all healthcare data security incidents were attributed to insider threats. And though many of the breaches occurred within a span of minutes or even seconds, more than half of the breaches were not discovered for days. Months were required to discover more than a third of the breaches.
During this webinar, Imprivata FairWarning’s Senior Healthcare Privacy Specialist, Robert Mireles, and Director of Managed Privacy Services, Chuck Burbank, take a look back at 2016. They examine the events and incidents that made 2016 such a notably notorious year (more than 11 million healthcare records were exposed in June alone!).
The study of the past can yield valuable insights for the future. And indeed, a study of last year’s OCR activity provides nuggets of value for healthcare organizations. Robert and Chuck reveal the seven action steps that every healthcare organization must take NOW—lessons that were gleaned from 2016’s enforcement activities.
A look back at 2016 also revealed four key gaps in most healthcare organizations’ privacy and security defenses:
- Lack of monitoring
- Lack of encryption
- Lack of network-monitoring tools
- Lack of skilled personnel
But whose job is it to plug those gaps? Who should be responsible for assuring compliance at your healthcare organization? Who must…
- Monitor for and detect breaches?
- Investigate potential incidents?
- Report confirmed breaches?
- Audit for compliance?
Robert and Chuck engage in a detailed discussion about those most responsible for maintaining security in a healthcare organization, along with the importance of fostering an organization-wide, security-minded culture. And they provide some actionable, how-to advice for plugging the security gaps that exist at most healthcare organizations.
Also discussed is the largest single security threat to your organization: your people. People-Centric Security recognizes that your biggest asset, your people, also represents your largest threat.
Will 2016 continue to hold the record as the most active year in history for OCR enforcement activities? It’s unlikely; it appears that 2017 will at least rival 2016. But for those astute enough to prepare for the future by learning from the past, this webinar provides invaluable guidance for staying off that rapidly growing list of record-breaking OCR settlements.