HIPAA

Data Security Resonates with Consumers

A recent survey from IBM found 78% of consumers say a company’s ability to keep their data private is “Extremely Important.” The same survey found that only 20% of consumers completely trust the organizations they do business with to keep their data safe.

Many organizations are struggling to keep up with data security. Companies collect and store more information on consumers than ever before, and the risks involved in keeping that data safe are higher than ever. Federal and state legislatures are trying to find the right balance of rules and penalties, and many small businesses are lost in all of the information.

The current study on Cyber Resilience by IBM Security shows organizations are still struggling to keep consumers’ data safe. The study found organizations are facing a skills gap when trying to be more cyber resilient. These companies say the best way to protect client data is to hire personnel skilled in this area. They also reported that it’s very difficult to find and keep skilled cybersecurity professionals.

[Figure: Skilled Cybersecurity Professionals graph]

At the same time organizations are seeing the importance of privacy in their IT security framework:

[Figure: Importance of Privacy]

With the California Consumer Privacy Act taking effect in January 2020, many organizations are scrambling to understand the guidelines. Because of the sheer number of Californians, most organizations are choosing to make the changes for all of their customers instead of treating California residents differently.

All of these factors combine to create a complex problem for a business owner. Consumers understand the importance of data security after years of huge data breaches in the news. Organizations are struggling to hire and keep up-to-date skilled employees to keep customer data safe and adhere to new and evolving privacy regulations.

Many organizations are finding that it’s cheaper and more effective to outsource these responsibilities to an experienced Managed Service Provider like Quanexus. Data security is a priority for consumers. Is your company doing everything it can to protect client data?

Take a look at our latest video on Getting Started with IT Security and follow along in the video series to better understand what Quanexus can do for your business.

Quanexus IT Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Small Practice fined by HHS for HIPAA Security Violation

Health and Human Services continues to crack down on covered entities that are failing to abide by HIPAA. Most of the news coverage is about large entities being fined millions for failing to protect their data. Most recently, Alaska settled its HIPAA case with HHS for $1.7 million; however, smaller entities are being targeted as well.

Phoenix Cardiac Surgery, a 5-person practice in Arizona, agreed to pay a $100,000 civil money penalty and take corrective actions. Specifically, HHS found the following:

  • “Phoenix Cardiac Surgery failed to implement adequate policies and procedures to appropriately safeguard patient information;
  • Phoenix Cardiac Surgery failed to document that it trained any employees on its policies and procedures on the Privacy and Security Rules;
  • Phoenix Cardiac Surgery failed to identify a security official and conduct a risk analysis; and
  • Phoenix Cardiac Surgery failed to obtain business associate agreements with Internet-based email and calendar services where the provision of the service included storage of and access to its ePHI.”

The overview of the case can be found on the HHS website.

NIST 800-66 serves as an introductory resource guide for HIPAA Security Rule compliance. Additionally, practices should consider forming a relationship with third-party organizations that specialize in compliance.

Posted by Jack Gerbs in Information Security, Small Business