The HIPAA security and privacy rule requires many resources for an organization to be compliant. These resources can be time-consuming and often create operational issues and a financial burden for covered entities. Organizations often believe that there is one solution out there that will achieve compliance or, more importantly, secure the organization. This leads organizations to consider two big questions: Where do I focus my resources to meet the HIPAA security and privacy rule? And is being HIPAA security and privacy rule compliant good enough to lower the risk of a breach?
In 2018 there were various fines paid by healthcare organizations for failure to comply with the HIPAA security and privacy standards. Reviewing the trends of fines in 2018 can be beneficial to healthcare organizations, providing an opportunity to learn and proactively correct outstanding violations within your organization. The various trends of fines included lack of compliance in the following areas:
Earlier this year, the FDA released guidance for Postmarket Management of Cybersecurity in Medical Devices. While many agree that the recommendations will help guide developers and manufacturers, these are still "non-binding" and are simply recommendations, not requirements. With the stakes being so high and the continued growth of cyber threats, if and when will the FDA begin mandating these recommendations?
This past month the FFIEC issued a statement to provide clarification on several questions the FFIEC received for the Cybersecurity Assessment Tool (CAT). Since the release of the CAT and with the statement issued last month, I have received numerous questions from clients that I wanted to share with you to provide you insight on its value and use to your management team. So, here are our FAQs:
Clients rely on HORNE Cyber to build their cyber resilience. HORNE Cyber's offense-oriented approach to cybersecurity uncovers hidden cyber risk and significantly reduces exposure to security threats, allowing clients to stay compliant with ever-growing regulations and use technology as a lever for growth. HORNE Cyber is a HORNE LLP company.