Cole, a guest on the podcast, says protecting patients' health data is paramount for healthcare HIPAA compliance, and that "enforcement could come very soon" in the form of HIPAA audits by the U.S. Department of Health and Human Services' Office for Civil Rights.
One critical healthcare HIPAA compliance task for covered entities of all sizes (the healthcare organizations governed by the HIPAA privacy and security rules) is performing security risk assessments, but "sometimes entities don't know they have to do it," Cole says.
Cole says a big area of concern in healthcare HIPAA compliance is securing communication on the mobile devices that have become ubiquitous in health IT. Other concerns fall under human behavior, such as training physicians and other clinicians not to discuss PHI in public places such as restaurants.
Healthcare organizations, however, should not shy away from rapidly evolving technologies such as mobile and cloud because of security fears, but rather work to use the tools in compliance with HIPAA, Cole says.
As for getting C-suite executives to buy into the idea of PHI privacy and security, CISOs and others charged with healthcare HIPAA compliance should articulate the financial and business risks of sustaining a major PHI breach. Not only could organizations be fined, but they could also suffer major damage to their brands, Cole says.
"The money issue is one thing that is really going to attract the attention of the C-suite," he says.