Medical Identity Theft Increases By 26%
Securing Electronic Protected Health Information
The security and privacy of electronic protected health information (“EPHI”) is a mandatory requirement of health care organizations and providers under HIPAA. HIPAA’s Security Rule requires that all covered entities conduct regular assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of their EPHI and systems.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, has significantly increased the liability of covered entities under HIPAA and, more broadly, of their business associates. Effective February 17, 2010, business associates are directly subject to HIPAA’s enforcement scheme.
This means that the HIPAA Administrative Simplification Security Rule applies to a business associate of a covered entity in the same manner that it applies to the covered entity. Under the HITECH privacy provisions, the business associate now has direct responsibility and liability for a breach, as do healthcare providers. The Security Rule focuses on administrative, technical, and physical safeguards, and business associates must implement and maintain these safeguards to ensure they are compliant with the HITECH Act.
NCX offers the following security assessments and tests to help assess your overall risk and the effectiveness of your security controls that support audit and compliance:
- Information Security Assessment – Secure24 Comprehensive Security Review
- Penetration Testing
- Vulnerability Testing
- Web Application Testing
- MyCSO Services
- Business Continuity
- Data Forensics & E-Discovery
- Policies & Procedures
- Code Review