Recently, I had the opportunity to attend the Health Care Compliance Association’s (HCCA) 19th annual compliance institute conference. There were a number of very interesting speakers, including the Senior Advisor for HIPAA Compliance and Enforcement from the US Department of Health and Human Services and the Deputy Assistant Director of the FBI’s Cyber Intelligence, Outreach, and Support branch. After attending their presentations, it was quite clear that the challenges facing healthcare organizations might be more complex than those in other industries because it’s one of the only sectors that uses and stores Personally Identifiable Information (PII), Protected Health Information (PHI) and Payment Card Information (PCI) data. In addition, PHI data can be exploited in more ways than the others, including:
- Medical device fraud
- Prescription fraud
- Healthcare/medical fraud
- Tax fraud
- Identity theft
This results in a higher rate on the black market, making it more desirable to thieves. To complicate matters even more, because of the nature of some of these exploitations, the victims are often unaware that their PHI has been compromised.
As a result, many organizations are struggling with the magnitude of protecting PHI data and with HIPAA compliance. You can get ahead of the game by selecting key foundational security controls that satisfy multiple control objectives, like authorization and monitoring, thereby enabling you to both achieve and demonstrate compliance while also automating compliance-related tasks.
Privileged or SuperUser management and monitoring is one of the key controls required by today’s IT compliance mandates and is also foundational to ensuring IT security. If you would like to learn more about managing privileged accounts, read this techbrief, “Get ahead of your next security breach, five steps to mitigate the risks of privileged accounts.”