Data breaches have become an increasingly common occurrence, with several large retail corporations experiencing losses in recent years that affected their bottom lines and reputations. The same risks exist in healthcare, with the added concern of jeopardizing the security of patients’ electronic protected health information (ePHI).
Many healthcare organizations — both hospitals and physician practices — remain at risk for data breaches. A governmental audit found that 47 of 59 healthcare organizations failed to have complete and accurate risk assessments, as required by HIPAA. The response of many organizations has been to focus on protecting specific modes of clinical communication, such as text messaging, while leaving other forms of communication at risk. In truth, to be HIPAA compliant, hospitals and physician practices must develop and execute a comprehensive plan that addresses all modes of communication.