Join us for our webinar: The Key to Healthcare Risk Management on July 31.

Establishing a strong culture of security in any organization can be tough. I should know. I am a cybersecurity engineer, performing HIPAA-required security risk analyses for healthcare organizations of all sizes. Through the years, I have learned the organizations that take cybersecurity culture seriously continuously remind patients of their information privacy rights, have two-factor authentication on protected systems, give security badges that open secure doors and areas, and much more. Unfortunately, even these smart and commendable tactics are not enough to ward off a breach (and the HIPAA fines that could follow). Through my experience, the ONLY way to create a culture of security is to incorporate these three factors:

All healthcare providers that accept Medicare or Medicaid patients have heard of MACRA (Medicare Access and CHIP Re-authorization Act), a reward-based financial reimbursement program for providers that deliver a higher quality of care and increased positive patient health outcomes at lower costs. That’s where MIPS – Merit-based Incentive Payment System – comes in and our best tip for earning the points you need to get a full reimbursement.

Criminal hackers aren’t nearly as focused on your business' administrative accounts as they are individual employee accounts. Why? Because admin accounts rarely have direct access to highly valuable information like social security numbers, protected health information, etc.

Most companies freely acknowledge that a data breach event would cause significant impact to their business. If a company processes, stores and accesses sensitive customer information (i.e. medical records, credit cards, social security numbers, etc.), it would also acknowledge that it already knows what types of data the criminals mostly like want to steal … or hold hostage.

In case you missed it, I recently wrote a blog detailing how to run your own breach simulations. But do you know why running them is important? Defining the outcome is the first step to determine the answer to this question.