HealthcareCISO

Cybercriminals are a growing threat, and if you weren’t paying attention before, maybe the recent Colonial Pipeline Attack that created a gas shortage in five states and Washington, D.C., caught your attention.

The perpetrators of this attack may have apologized, but that doesn’t mean every cyberattack will be the same experience. Physicians need to take note of the lessons of this attack as data breaches are trending upward and every practice is a target. Patient safety needs to be more than a bedside concern. Here are five questions all practices should ask themselves about whether they have their cybersecurity under control. Practices that are noncompliant may face significant fees, penalties and loss of reputation.

Are you violating HIPAA with text messages and emails? While not explicitly called out under HIPAA, texting and email are considered forms of electronic data transmission and, as such, are subject to rules regarding how personal health information (PHI) is transmitted. In other words, you should not communicate things such as diagnoses, procedures or other protected information through SMS or IM text or email unless a) the patient has provided written authorization or b) you are using a HIPAA-compliant messaging application. As a general rule, SMS or IM texting directly through a phone will not meet requirement b.
When did your practice last complete a risk assessment? Under HIPAA, all...