Credential management for best practice GDPR compliance

Healthcare is one of the most targeted sectors by cyber criminals, in fact it is in the top five along with government, financial, education, and retail [1] , and the threat is as present as ever. In 2021 583 data breaches were reported in the healthcare sector, that equates to 14% of the total reported data breaches. Concerningly, there has been an increase in the last three years in the number of incidents which expose social security numbers or their non-US equivalent.

[1] Data breach Quickview Report 2021

An important step to protecting healthcare data and the institutions that use the data is to safeguard against unauthorised access. Issuing and managing secure digital identities helps to ensure that only those who have the required authorisation can access Private Health Information (PHI).

What is HIPAA

HIPAA is a law which was passed in the United States in 1996, to protect Private Health Information. The Health Insurance Portability and Accountability Act (HIPAA) aims to protect individuals’ medical records and other individually identifiable private health information (PHI). The act gives individuals the right to access to their health information. Health records have been paper based but are more likely to be electronically recorded nowadays. However private health information is stored, the law remains the same to protect individuals’ private health information.

Why is HIPAA important?

Since 1996 when HIPAA was made law, Healthcare providers, healthcare plans, healthcare clearing houses and healthcare business associations all now need to adhere to the regulations or face hefty fines. Building of trust between patients and the organizations that handle personal and private health information is imperative to all sides for the healthcare system to continue to work, especially in light of research showing the healthcare sector features in the top 5 sectors targeted by cyber criminals.

What are the implications of not adhering to HIPAA regulations?

As with most regulations, any breaches or non-compliance has consequences. The Office for Civil Rights (OCR) is responsible for enforcing the HIPAA regulations and may conduct complaint investigations and compliance reviews. If individually identifiable health information is wilfully violated, that person could face as a minimum a criminal penalty of up to $50,000, and maybe imprisoned for up to one year. Should it be deemed that the data was to be used for commercial advantage, personal gain, or malicious harm, the penalty increases to $250,000 and a prison sentence of up to 10 years.

Who is HIPAA For?

HIPAA has been brought into protect individuals’ private health information from security breaches to make sure that their most private data is kept private and secure. It also enables individuals to transfer their health data between healthcare and insurance providers – all with the piece of mind that their data remains safe and secure. All healthcare providers including most doctors, clinics, hospitals, nursing homes, pharmacies and dentists all need to comply with HIPAA regulations. Any contractors, or sub-contractors who have access to your health information also need to comply, i.e., companies who administer health plans, companies that process payments for health care claims, lawyers, accountants and even IT specialists.

How does using MyID help you comply with HIPAA?

MyID® credential management enables healthcare providers to issue and manage secure digital identities to protect user access to software, data, systems, and buildings for cyber secure operations and helps you to meet your HIPAA obligations.

Maximum data breach protection

Remove passwords – the primary cause of data breach and build user access around cryptographically protected multi-factor authentication.

Simple integration

Simplify the integration of existing IT with PKI infrastructure for minimal disruption.

Easy management

Benefit from one software solution for operators to issue and manage thousands of workforce digital identities.

Proven

MyID is a CMS platform that has been in operation for many of the world’s most security conscious enterprises for more than 20 years.

Futureproof

As cybercrime, hacking, phishing, and malware attacks become more advanced, futureproof processes against the growing threat with a robust digital identity system. MyID integration also means your CMS adapts as the devices and technologies healthcare professionals use change.

Cost saving

From the simplicity and ease of integration across existing infrastructure and devices, to the reduction in IT resource involvement thanks to enabling employees to self-serve, MyID CMS adds value to any healthcare organisation’s cyber security capabilities.

Trusted by Governments and Large Enterprises Worldwide

Where protecting systems and information really matters, you will find MyID. Whether its citizen data, aerospace and defence systems, high-value financial transactions, intellectual property or air traffic control, we are proud that many leading organisations around the world choose MyID to protect themselves against data breach and ensure business continuity.

MYID FOR HIPAA COMPLIANCE IN THE HEALTHCARE SECTOR

583

report breaches

16%

of data types lost in breaches were medical

40%

of data types exposed were social security numbers