Third-party vendor security

Third-party HIPAA compliance

The HIPAA security rule applies to all health plan or health care providers but did you know that your suppliers and subcontractors also need to comply? Health care is often provided through multiple entities and changes to the HIPAA privacy and security rules in 2013 put an emphasis on vendor security. Vendors are now directly responsible for compliance with certain parts of the HIPAA regulations, and healthcare providers have a responsibility for doing due diligence in managing the risk of a data breach.

Most organizations that deal with medical information use systems that are generally designed for compliance. To provide the ePHI technical protection needed for HIPAA compliance, any systems where patient data could be accessed or stored must be protected. This includes computers and removable media such as USB sticks and this is where your Alertsec service plays a critical role.

There are other steps you can take to manage information security including:

• Identify third party suppliers handling PHI. They can include brokers, lawyers, accountants and even companies hired to securely dispose of paper and electronic data;
• Do regular HIPAA-focused vendor assessments eg. a security questionnaire to check existing safeguards;
• Share information about security technologies with vendors so they know how to protect themselves and your company.

If you have any questions, contact Alertsec to find out how we can help you: email us at info@alertsec.com or call +1 888 473 7022.

Health care data breaches increasing

23% of all data breaches occur in health care, according to a recent Brookings Institution study. The total number of breach victims tripled in the last two years alone and the per-record cost for healthcare data breaches is $363, the highest of any industry.

Healthcare organizations are now sharing digitized personal health data more widely with insurers, third party vendors and other providers and this is contributing to the likelihood of breaches, according to the study. Health care data contain valuable information such as social security numbers and home addresses and criminals are focusing on attacking the health care sector as they can charge premium prices on the black market for this information.
 

Read more...
 

Healthcare vendor data breach

EqualizeRCM Systems, a billing and collection services vendor in Texas has reported a data breach after an employee’s laptop containing patient information was stolen. A company statement lists eight healthcare providers whose patient data was contained on the stolen laptop. The laptop contained personal information for patients at specific facilities including names, addresses, insurance information, billing information, and other administrative data.
 

Read more...