Get My Score

The State of HIPAA and ePHI in 2017

cloud computing and hipaa compliance

As we get ready to head east next week to Boston and the HIMMS Cybersecurity Forum, download our new infographic covering the less than excellent state of HIPAA in America.   From multiple analysts and interviews, the key takeaway is that the healthcare rates a ‘C’ in security.   The industry must improve today’s state of affairs where the sector has had more incidents of breaches than any other sector critical to the economy, the personal health data (ePHI) of almost half of US residents have been compromised, and the resulting non-covered impact to these victims is $30B or more.  Looking back, the implementation of electronic health records was to help streamline care, but in fact interconnectivity and poor practices have helped the hackers are well.   The theft of ePHI also opens the door to persistent identity theft, since a social security number can’t be replaced as easy as a credit card.  On a larger scale, the total cost of a breach isn’t limited to the impact on the patient alone.  Once revealed, the organization is subject to fines, increased oversight, and damage to its brand.

Making the Grade - aws hipaa, azure hipaa, gcp hipaa


Why do breaches occur? 

One reason is that, in the past, cybersecurity surrounding patient records had been considered the domain of IT and handled reactively.  It just wasn’t something that would impact the patient on the operating table.  This must change, as security is now very much a patient protection issue.   Providers must understand the different attack vectors – hackers, nation states, hactivists, and insiders - and develop a comprehensive and continuous security framework that balances protection with usability.  They must implement previously documented best practices and close the gap on what is potentially their greatest vulnerability – the human element. 

How can your ePHI make the grade? 

One easy step is automating HIPAA technical controls, protecting the physical and virtual servers, both on-premise and across multiple cloud providers.  At a glance, these controls fall into four families, each equally important:

  • Integrity Controls: Confirmation ePHI isn’t improperly altered or destroyed
  • Access Controls: Record and examine access to ePHI
  • Transmission Security: Protection of ePHI over electronic networks
  • Audit Controls: Limit authorized persons to access ePHI

The Cavirin solution is easy to implement, doesn’t break the budget, and saves you from having to hire and train new personnel.   Automation lets you quickly understand your baseline security posture, where you have gaps, and how to remediate them.   Learn how by downloading our webinar, “Protection of ePHI Not Making the Grade?”


© 2019 Cavirin Systems, Inc. All rights reserved.