HIPAA Demands Health Data Security – Or Else!

On August 21, 1996, President Bill Clinton signed the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA. The bill had two goals: the first was to guarantee that an employee would have health insurance in the event he or she changed jobs (before HIPAA, it was not uncommon to lose one’s health insurance when changing jobs if a pre-existing condition was present); the second was to cut healthcare costs by eliminating the ponderous manual paper work processes required in administrative functions and financial transactions. While the intent of HIPAA was nothing if not noble, in ordering the transition to electronic recording and storage of what were once hard copies locked in file cabinets, the government opened the door to the possibility of the private medical records of millions of Americans being obtained illegally by computer hackers. And, unlike data breaches of credit card information, medical records contain the most personal of personal information.

HIPAA does a very thorough job of codifying security and privacy requirements and establishes strict penalties for both non-compliance and failure to remediate problems. However, even before HIPAA, the sacrosanct nature of personal health records would still require the utmost in security when recording and storing these records electronically. After all, a private citizen doesn’t require federal legislation in order to file a civil suit against a provider or organization that is negligent in the handling of his or her personal medical records. But if that wasn’t enough, the Federal Government’s stance is quite stringent, establishing fines of up to $250,000.00 and ten years imprisonment for HIPAA security non-compliance.

As technology improved, so did the opportunities for hackers. In today’s Bring Your Own Device environment as well as our web-enabled application infrastructure, there are many more ways that private data stores can be hacked than existed in 1996. The consequences of data security negligence for the healthcare industry are severe, and the solution you employ must be up to the challenge.

In order for data to be completely secure, it must be able to thwart every type of attack at every endpoint and at every stage in the threat life cycle. There can be no compromise, just as there would be no compromise of consequences in case of a breach. This type of solution is called endpoint security. In simple terms, every point in your system through which an intruder can gain access is an endpoint. If every endpoint is detected and secured – it’s no secret that lots of systems have endpoints that their systems administrators and even their IT departments might not realize exist – then overall security is assured.

SentinelOne has the right solution for endpoint security. Not only does it protect you from being HIPAA non-compliant, it is a solution that will not break your budget. In fact, it lowers the total cost of ownership (TCO) of a data security solution. It’s often said that the best defense is a good offense, and for your sensitive healthcare data, the best offense is effective and proactive endpoint security.

Regulations are fluid. They are modified, strengthened and sometimes watered down. But regardless, regulatory compliance is never negotiable. While you may be able to skate for a while, your non-compliance will surely be exposed in the event of a breach. You simply cannot afford to leave the issue of data security in healthcare up in the air. Failure to take on this challenge can be disastrous to your reputation, your business and, in the case of federal non-compliance, your very future.

Trust your data security only to professionals who know how to keep would-be trespassers out of your core systems. Trust your endpoint security to SentinelOne.