Find out why you, like many other health care organizations, won't find the definitive IT HIPAA Compliance Checklist you have been hoping to discover.
At HIPAAgps, we keep hearing the same question from different IT companies: Why isn't there a good HIPAA Compliance Checklist for electronic information security? There are plenty of articles touting their own HIPAA Compliance Checklist, but they fall short of telling IT companies, and IT personnel at health care organizations, exactly what must be done to remain HIPAA compliant.
This is due to the nature of the HIPAA regulations. HIPAA was deliberately written in a flexible, technology-neutral way so that smaller organizations could find their own financially feasible ways of implementing its standards. HIPAA also predates the widespread use of computers in health care, and the Security Rule, which governs electronic protected health information, was issued in 2003. Aside from the modifications introduced by the HITECH Act and the Omnibus Rule, very little in the HIPAA rules has changed since 2003.
However, the electronic world has evolved significantly, so much so that the health care industry now faces phishing and ransomware on top of caring for patients. Phishing.org suggests phishing has been around since 1995, but it was not commonly known about until around 2005. Ransomware has also existed for more than two decades, but it was not considered a prevalent issue until recently. According to an FBI ransomware article released in April 2016, law enforcement saw a significant increase in ransomware attacks in 2015, and 2016 is expected to bring even more if organizations such as hospitals and small practices do not prepare in advance. With these cyber-attacks becoming a more serious threat only in recent years, it is not surprising that the HIPAA rules from 2003 do not provide clear, extensive guidance on them.
Consequently, the perfect HIPAA Compliance Checklist for IT companies does not exist. Using security best practices and the NIST framework will get your organization closer to HIPAA compliance in its IT procedures; however, much more will depend on your organization's ability to identify feasible, effective methods for protecting its protected health information (PHI). Using HIPAAgps can help you identify those methods and get you farther down the road to HIPAA compliance.