Hospitals be ready for a surprise audit...this comes right on the heals of another post today about the breach with Health Net publishing personal information on several physicians on the web...is this a problem...YES...see the comments from Dr. Halamka below (and use the link to read more from his blog under the blog roll section). The HIPAA audits may have finally arrived...and the solutions go way beyond a year's free credit rating services for those who have been compromised...as that is only a Band-Aid for the entire process...BD
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there's now the prospect of a surprise audit from the federal government agency in charge of overseeing the Health Insurance Portability and Accountability Act security and privacy rules. The prospect of an unannounced HIPAA audit by the government is an event that could shake anyone up, but in the final analysis, the federal probes are probably good for the healthcare industry, says Mark Jacobs, director of technology services in the data-center operations at Pennsylvania-based WellSpan Health.
“There is definitely an uptick in attacks,” says Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area. “Privacy is the foundation of everything we do. We don’t want to be the TJX of healthcare.” TJX is the Framingham, Mass-based retailer which last year disclosed a massive data breach involving customer records.
The U.S. Department of Health and Human Services (HHS), which oversees HIPAA compliance, has contracted with the firm PricewaterhouseCoopers (PWC) to conduct surprise audits of hospitals this year, says Gartner analyst Barry Runyon.