September 23, 2013 was the deadline for all healthcare industry contractors and vendors to comply with the HIPAA Omnibus Rule. It applies to every company that touches sensitive patient information, including law firms, accountants, data analytics providers and other health IT companies that serve the healthcare industry. Under the new rules, companies that are not compliant can be fined up to $1.5 million per year for violations of a single provision. The risks have risen drastically, haven't they?
According to the Department of Health and Human Services' Office for Civil Rights, companies will spend a total of 32.8 million hours complying with the new rules. This time the federal regulators are serious about enforcement and are already planning a permanent HIPAA audit program for 2014.
When it comes to protecting sensitive data, there are several basic things to keep in mind:
- Make sure that access permissions are granted only to the right parties
- Control permission changes so that the sensitive information stays protected
Being able to detect and report on permission changes is critical, because even an accidental change to file permissions on a file server can expose your data to unauthorized access. This is where change auditing of critical security systems and data comes into play. It not only helps your company keep the current configuration of its file servers under control, but also lets you report who accessed which file in the event of a breach.
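One way to put that into practice, added here as an illustration and not taken from the original post or any particular product: the script below takes a baseline snapshot of owner, group and permission bits for a directory tree, takes another later, and reports every difference, flagging any change that grants read or write access to "other" (everyone). It uses POSIX mode bits as a stand-in for file-server ACLs; the directory layout, the file name and the accidental chmod are constructed for the demo.

```python
"""Permission drift detection for a file tree (added example, not from the original post).

Snapshot the permissions of every entry under a root, snapshot again later,
and report what changed. POSIX mode bits stand in for file-server ACLs here.
"""
import os
import stat
import tempfile


def snapshot_permissions(root):
    """Record owner, group and permission bits for every entry under root.

    Keys are paths relative to root so that two snapshots of the same tree,
    taken at different times, can be compared directly.
    """
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            snap[os.path.relpath(path, root)] = {
                "uid": st.st_uid,
                "gid": st.st_gid,
                "mode": stat.S_IMODE(st.st_mode),
            }
    return snap


def severity(entry):
    """'high' when the new state grants read or write to 'other', else 'info'."""
    if entry is None:
        return "info"
    if entry["mode"] & (stat.S_IROTH | stat.S_IWOTH):
        return "high"
    return "info"


def diff_permissions(baseline, current):
    """Return one change record per entry that was added, removed or altered."""
    changes = []
    for rel in sorted(set(baseline) | set(current)):
        before, after = baseline.get(rel), current.get(rel)
        if before == after:
            continue
        kind = "added" if before is None else "removed" if after is None else "changed"
        changes.append({
            "path": rel,
            "kind": kind,
            "before": before,
            "after": after,
            "severity": severity(after),
        })
    return changes


def format_report(changes):
    """Render change records as one line each, suitable for a log or ticket."""
    lines = []
    for c in changes:
        before = "-" if c["before"] is None else oct(c["before"]["mode"])
        after = "-" if c["after"] is None else oct(c["after"]["mode"])
        lines.append(f'[{c["severity"].upper()}] {c["kind"]:7} {c["path"]}: mode {before} -> {after}')
    return "\n".join(lines)


def demo():
    """Constructed scenario: a patient-records file is accidentally made world-readable."""
    with tempfile.TemporaryDirectory() as root:
        records = os.path.join(root, "phi")  # hypothetical share name
        os.mkdir(records, 0o750)
        target = os.path.join(records, "patient_records.csv")  # hypothetical file
        with open(target, "w") as fh:
            fh.write("constructed sample, contains no real PHI\n")
        os.chmod(target, 0o640)
        baseline = snapshot_permissions(root)

        os.chmod(target, 0o644)  # the accidental change: 'other' can now read the file
        changes = diff_permissions(baseline, snapshot_permissions(root))
        print(format_report(changes))
        return changes


if __name__ == "__main__":
    demo()
```

In production the baseline would be persisted (for example as JSON) and the comparison run on a schedule or from a file-system event hook. Note what this does and does not give you: it tells you that permissions drifted and where, but not who changed them or who read the file afterwards; answering those questions requires the operating system's own audit logging (auditd on Linux, object access auditing on Windows) to be enabled and collected alongside a check like this one.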
That being said, if your company is still lagging behind on its compliance program, you had better hurry. With fines of up to $1.5 million on the table, it is never too late to start.