The July 2017 Cybersecurity Newsletter from the Office of Civil Rights discusses providing more cybersecurity training for employees.
The recent increase in ransomware seems to have pushed the Office of Civil Rights (OCR) to remind organizations why cybersecurity training for employees is so important. The OCR states that a “covered entity’s workforce is its frontline not only in patient care and patient service, but also in safeguarding the privacy and security of its patient’s protected health information (PHI).” This front line of defense should be trained accordingly.
Reminder: HIPAA compliance specifically requires security awareness training for all employees.
The OCR also states that there has been a ten percent increase in security-related HIPAA violations within the last couple of years, based on the 2015 and 2017 KPMG Cyber Healthcare & Life Sciences Surveys. This increase is due to ransomware attacks on top of the usual issues such as lost or stolen media, impermissible online access to private information, and emails sent to the wrong recipients.
The OCR maintains that some of these ransomware events and other cyber-attacks could have been prevented if employees had received better training. As society and health care move everything to a much more electronic environment, cybersecurity training is becoming more and more important.
If you are looking for more in-depth cybersecurity training, our partners at MainNerve can help you. Visit their site to learn more about the training and other cybersecurity services that they provide.
The OCR newsletter also provides covered entities and business associates with information and some best-practice guidance on what to consider when designing a training program. This can include how often to train on security issues, using security reminders between training sessions, and what type of training to conduct.
Join HIPAAgps today to learn more about the specific HIPAA compliance requirements around cybersecurity training, and use our training videos to help protect patient health information.