Friday, August 26, 2016

SMBs Subject to New Fines for HIPAA Compliance Issues

August 26, 2016 - There’s a new warning from the government to small businesses. Safeguard your company, or else.

The US Health and Human Services Office for Civil Rights (OCR) said it would investigate small security breaches. Normally it investigates breaches affecting more than 500 people, but now it is investigating breaches affecting fewer than that number.

"The news from The US Health and Human Services Office for Civil Rights should be a wakeup call to small business," said Ebba Blitz, CEO of Alertsec. "If the OCR uncovers widespread HIPAA compliance issues, that could mean small companies are at risk for new fines."

This is important because smaller companies that need encryption don’t have to pay for an IT department or cumbersome software. They can get enterprise-level encryption software that would be unavailable otherwise. This is crucial to small businesses that are required by HIPAA to encrypt their laptops.

"According to the Ponemon Institute more than half of all data breaches emanate from a lost or stolen unencrypted laptop," Ebba said. "When we work and live with sensitive information at our fingertips this information needs to be safe. Not only is a breach damaging to patients and clients, ultimately it will affect your brand and revenue. Protecting health information will soon be an issue that will move from the IT departments to the boards."

OCR listed the factors that will spark an investigation:
• the size of the breach;
• whether theft of or improper disposal of unencrypted Protected Health Information (PHI) occurred;
• whether unwanted intrusions to IT systems (for example, by hacking) occurred;
• the amount, nature and sensitivity of the PHI involved; or
• cases where an entity has numerous breaches involving similar issues.

This makes encryption more important than ever before. If a laptop is lost or stolen (more than 1 million laptops are lost in the USA every year, according to Ponemon), the information can be hacked. However, if the computer is encrypted, it can’t.