888-448-5451 [email protected]

Obamacare HIPAA Information Security


As facilities continue working on their HIPAA compliance requirements, there are more standards executives need to take into consideration and get ready for.  This time what affects their everyday work is Obamacare.


With Obamacare healthcare data security for individuals and facilities confront at least three challenges: the potential of identity theft, increased risk of vulnerabilities and breach, and breach reporting under HIPAA.


Identity Theft

To advise Americans on Obamacare, HHS is implementing a navigator program. The navigators (the individuals hired to help citizens understand their health options) can give the necessary advice on best healthcare solutions to individuals by collecting or asking for their sensitive information. The sensitive information includes social security numbers and income levels to name a few.  Unfortunately, this practice can lead to identity theft due to the possible access of the sensitive data by identity thieves (who are always looking for ways to gather that type of information).


Vulnerabilities and Breach

Obamacare requires healthcare providers, insurers, and third parties to use electronic health records (EHR) to exchange information; yet many organizations are still relying on paper and fax to communicate data among hospitals.  Even though there has been some time for facilities to prepare, there hasn’t been enough time to allow facilities to switch to a full proof health information exchange (HIE) method where a thorough analysis of physical and system security requirements has taken place to ensure vulnerabilities are completely fixed.  By rushing, the risk of data breach due to security weakness increases; as does the potential of private information getting accessed by the wrong person or even being misplaced.


HIPAA Compliance and Breach Reporting

With facilities not having enough time to fully implement a secure system for HIE as it gets rushed in with Obamacare; and with HIPAA in full effect, we can expect an increase in breach reporting. Why? Because if there’s not enough time to put in place a strong security system, this means breach and with HIPAA this means reporting.  The consequence of breach reporting for facilities, as it is widely known by now, includes negative publicity and financial loss.  Both situations are not highly favored by executives, nor are they conducive to positive growth or business function.


There’s only so much executives can do to reduce the Obamacare information security challenges.  Some ways to ensure your facility is doing everything in it’s power to keep your patient’s data secure and avoid breach is to implement continuous monitoring; have regular vulnerability scans; implement physical and system security measures; have an incidence response plan and an external security support services team if necessary.


How are you ensuring your patient’s information security remains effective with the new laws and regulations your facility has to deal with?