Healthcare data is among the most prized, valuable and non-perishable data there is: unlike a credit card number, a Social Security number, birthdate, address or diagnosis code cannot simply be reissued once exposed. A patient record typically bundles all of these together with billing and insurance information. Thieves around the world covet this highly sensitive data for more than identity theft, lucrative as that is. They use stolen records to buy and resell drugs and medical equipment and to file false claims with insurers, raking in millions. Stolen healthcare credentials fetch up to 20 times more than a stolen credit card on the black market. Hospitals and healthcare organizations are frequently targeted because their security is often weak or outdated. The number of cyberattacks on the healthcare industry has more than doubled over the last decade.
In fact, here are a few alarming statistics regarding cybersecurity in the healthcare industry:
- 89% of healthcare providers have suffered data breaches in the past two years.
- 41% of Americans have had their protected health information exposed in the last three years.
- Data breaches cost healthcare providers an average of $6.45 million.
- Healthcare institutions spend an average of $429 per stolen record.
- By 2021, there’s an expected loss of $6 trillion due to cyber-related crimes.
- Healthcare providers took 197 days to identify a data breach and 69 days to contain it.
Clearly, it is becoming increasingly important to ensure your practice, and every vendor that handles patient data on its behalf, implements the best safeguards to protect sensitive patient health information.
HIPAA’s shortcomings gave rise to a more prescriptive framework
HIPAA was passed more than two decades ago to help protect people’s sensitive medical information, including information that exists in electronic form. Its Security Rule requires safeguards at the administrative, physical and technical levels, and it applies to covered entities (healthcare providers, health plans and clearinghouses) and to the business associates that handle protected health information for them. However, the law is deliberately flexible: it requires each organization to analyze its own level of risk and then choose the safeguards that make up its information security program. Unfortunately, many organizations have been unprepared to handle this responsibility. Without clear guidance on what “reasonable and appropriate” safeguards look like in practice, many organizations failed to meet the requirements and left information unknowingly vulnerable while believing they were in compliance.
HITRUST development to provide a framework for managing HIPAA requirements
In 2007, a group of industry leaders recognized the need for an industry-standard information security framework. They came together to form HITRUST, a nonprofit organization that helps healthcare organizations manage information risk, develops and maintains the HITRUST CSF (Common Security Framework), and supports compliance within the healthcare industry. HITRUST has a seasoned management team dedicated to cybersecurity education. The HITRUST CSF is currently the most widely adopted information privacy, security risk management and compliance framework in the U.S. healthcare industry.
HITRUST certification means a billing statement provider has a prescriptive set of controls for a broad range of regulations
HITRUST certification gives vendors and medical billing statement providers a specific, prescriptive set of controls for meeting security goals and staying in compliance with a range of regulations. Where HIPAA says what must be protected, the CSF spells out how, so HITRUST’s industry-managed approach creates a practical roadmap that vendors and statement providers can use to manage compliance and reduce risk. By incorporating existing globally recognized standards and scaling its control requirements to the organization’s size and risk profile, HITRUST provides clear guidelines that save an organization considerable time and money while safeguarding information and maintaining compliance across the board.
“Within the HIPAA Security Rule, certain specifications are required, and others are addressable. An organization can choose not to implement addressable specifications if there is a valid business reason.”
– Joe McDermott
HITRUST technical lead with Schellman
HITRUST’s high bar for certification means that you can trust certified corporations with your data
The results and the efficacy of the HITRUST approach are unmatched in the industry. Because certification depends on an assessment against a defined control set rather than on a vendor’s own judgement of what is adequate, a HITRUST certification gives partner and parent organizations confidence that the vendor’s security and compliance posture has been measured against a high bar. A vendor’s HITRUST certification makes it easier to mitigate risk, maintain compliance and minimize wasted effort. It also communicates an organization’s commitment to the privacy of patients’ sensitive medical data, building credibility and trust.
MailMyStatements proudly holds this certification and takes the protection of partner and patient information very seriously. Start a conversation with us today about how our technologically driven billing and payment systems can benefit your practice.
Hugh Sullivan is the CEO of MailMyStatements, an industry-leading healthcare billing and payments company. He has over 25 years of experience as a healthcare executive, was the co-founder of ENS Health, a highly successful national healthcare electronic data interchange company, and has served in various leadership roles within Optum, a UnitedHealth Group company. Considered an industry thought leader, Hugh is an expert in using health IT to improve healthcare information exchange, which can enhance the quality of care, improve efficiency and reduce costs.
You can follow Hugh on Twitter @hughdsullivan