Early July sees the latest fines imposed by the Health & Human Services Office for Civil Rights for HIPAA violations.
The University of California Los Angeles Health System (UCLAHS) received an $865,000 fine as a result of employees viewing celebrity medical records repeatedly & without permission. UCLAHS must also put appropriate safeguards in place to ensure that this practice stops. Besides the hefty fine, UCLAHS must create & enforce policies & procedures in accordance with HIPAA, ensure its staff goes through proper Security Awareness Training, and implement effective audit controls.
This brings to light that threats sometimes come from inside, where many companies tend to be lax in their controls. We are all concerned with protecting our environments from outside threats, potentially because of the “breach-a-day” headlines we see, but appropriate attention also needs to be paid to getting & staying compliant with the regulations that apply to your specific company. An effective audit trail of who accessed what sensitive data, when, and why should be in place for just about every organization. There are great solutions to add to your Information Security Management System for creating, maintaining, and reporting on this type of audit trail. Most of them will not only assist in compliance and security, but also save countless hours when it comes time to generate reports for your internal auditors.
These solutions can also scan your environment for compliance against multiple requirements such as HIPAA and PCI Compliance, allowing your organization to make adjustments as necessary, keep an audit trail for maintaining compliance, and, of equal importance, improve your security posture. If you would like to learn more about solutions to help protect your company against internal & external threats, or about creating effective audit trails, give HALOCK Security Labs a call or email me for more information.