Article

HIPAA Compliance Does Not Equal Data Security

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet970 viewsSign in to rate
Healthcare is one of the most regulated industries in the U.S. HIPAA, or the Health Insurance Portability and Accountability Act of 1996, requires healthcare organizations and their third-party service providers, such as labs and billing companies, to have data security measures in place protect patients’ private health information (PHI). HIPAA compliance is complex, and the penalties for non-compliance are stiff; if a facility’s PHI is breached, and it is found they were not compliant with HIPAA, the facility could face millions of dollars worth of fines. In some cases, company executives can even be held criminally liable. C-level executives in the healthcare industry may not understand the intricacies of ransomware attacks or phishing schemes, but they do understand the seriousness of HIPAA compliance. They also fall into the trap of thinking that if their organization is compliant with HIPAA, that means their systems are safe. As a result, they devote most or all of their cyber security resources to complying with HIPAA. HIPAA compliance is crucial – but a cyber security plan cannot start and end with HIPAA compliance. HIPAA Compliance Is Only a Starting Point to Protecting Patient Data Today’s healthcare IT environment is highly complex. In addition to electronic health records (EHRs), mobile technology, cloud applications, electronic health exchanges, and Internet of Things (IoT) devices are growing in popularity. These technologies are making it easier for healthcare providers to deliver quality care and are improving patients’ lives, but each new gadget and application means new vulnerabilities for hackers to exploit. In a recent survey of information security experts conducted by the Brookings Institution, most respondents indicated that they felt HIPAA does not sufficiently address modern healthcare data security issues, mainly because the law is light on specifics. HIPAA compliance is primarily about demonstrating that an organization has met certain documentation and procedural requirements. It does not outline precise technical safeguards. The proof that HIPAA compliance is insufficient to protect against ransomware and data breaches is in the statistics. Healthcare is the most likely industry to experience a data breach. Nearly 90% of healthcare organizations – and 60% of third-party healthcare vendors – have experienced at least one breach. Nearly 80% have had two or more, and nearly 50% have had three or more. Why Isn’t HIPAA Compliance Enough? There are several reasons why HIPAA compliance does not provide full data protection on its own. First, it isn’t meant to. Technology simply changes too quickly for any legislation to keep up. By the time a new set of rules were written, they’d already be out of date! This is why HIPAA focuses on what organizations need to achieve, not on precisely how they should go about achieving it. Second, every organization’s IT environment is different. A data security plan that works well at one facility may fall flat at another. Finally, compliance rules cannot adequately address the threats posed by mistakes, negligence, or malicious acts on the part of a facility’s employees, which cause nearly half of all data breaches. HIPAA compliance should be the starting point – not the entirety – of a comprehensive, proactive healthcare data security plan.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026