Tips for Prevention
• Assess your infrastructure periodically to monitor when further growth is necessary to keep the system robust enough to handle its data needs. Bugs will inevitably occur after software has been deployed, and instituting a strategy for handling problems will allow an organization to be prepared in case a crisis occurs.

• You need the right tools and technology, but you also need the right people monitoring and maintaining those tools. Breaches are often difficult to detect, Hagerman explains, because “organizations don’t have sophisticated enough monitoring systems in place and the right staff watching all the time to understand which behavior is anomalous.”

When choosing a dependable BA, ask a series of security-related questions to determine how dependable and knowledgeable they are when it comes to preventing data breaches. Certain providers will not only be trustworthy but may also be able to guide a healthcare IT department through the process of building a stronger infrastructure that also meets HIPAA’s standards.

Business Associates (BAs)

BAs can be seen as an extension of your workforce, and just as internal employees can make mistakes that lead to major security problems, third-party vendors have the potential to do the same.
According to Hicks, many BAs are failing to understand the risk management aspect.

Proactive do’s

• Do encourage a culture of security. Make sure employees know how data breaches can occur and the steps they can take to prevent security problems. By promoting safe practices, risks can be greatly reduced in a way that is cost effective and lays the groundwork for other proactive practices.

• Do conduct a proper risk assessment. Certain vulnerabilities may be expected, yet unforeseen weaknesses may be lurking that your organization won’t know about unless a risk assessment takes place. These assessments should also be conducted on a regular basis to stay a step ahead of the threat actors.

• Do encrypt your data the right way. Not all encryption is the same, so it’s crucial that your organization use the right techniques in the right scenarios. Outside the confines of your infrastructure, you’ll also need to ensure that any BAs are using effective encryption methods.

• Do patch your system. What’s secure today will be open to attack tomorrow, and even the strongest system will eventually run into problems. When weaknesses are spotted, patches should be applied immediately as a top priority.

• Do monitor your system. Taking a proactive approach to security means keeping an eye on your infrastructure so you can devise an appropriate defense strategy and know the tactics hackers are using. Also ensure your team knows the difference between normal and abnormal behavior on the system.

• Do get the right people in place and ensure they have the proper training. A knowledgeable IT team will be the foundation for all of an organization’s security and compliance efforts. By assembling a group with the necessary skills, your organization will have a way to stay current on the latest security measures and help prevent future attacks.

Reactive don’ts

• Don’t sacrifice security in favor of compliance. Trying to comply with HIPAA may seem like a greater priority than overall security, and it may seem that compliance will cover many security issues, but neither should be seen as more important than the other. Neglecting security can lead to a complete take-down of your system, and procrastinating on compliance can lead to costly fines.

• Don’t ignore potential vulnerabilities that widen your attack surface and leave you open to opportunistic criminals. No matter how small the exposure, any vulnerability still offers the potential for a breach that could lead to huge consequences. Household names have allowed weaknesses in their infrastructure to put them on the front page of the paper by giving hackers an opportunity to wreak havoc. Don’t wait for a breach to happen to you before you decide to take action. Taking a reactive approach to security will be costly for your organization in terms of finances, productivity, and reputation. If you’re fortunate enough to have been free from a data breach so far, don’t expect that this trend will continue. The only way to reduce risks is to take a proactive approach and begin implementing thorough security and compliance policies.

• Don’t consider security and compliance to be the same thing. These aren’t synonymous terms, as each one covers different issues. Although experts recommend tackling security first, both have to be given equal effort.

• Don’t assume a secure infrastructure will last forever.

• Don’t allow your IT infrastructure to become vulnerable through a lack of updates or upgrades. A system will have to be continually updated to ensure data is protected and threats are reduced.

• Don’t take on all these responsibilities without guidance. Keeping a healthcare institution’s system up and running is a huge task even without factoring in HIPAA compliance and overall data security. Receiving guidance from an experienced compliance expert can go a long way toward helping avoid penalties and security breaches.


TAKEAWAYS

  • You’re the healthcare professional. Take care of your patients.
  • Leave the encryption to encryption specialists!
  • Have a proper risk assessment strategy: implement it and review it with staff regularly.
  • Breaches are carried out by opportunists.
  • Fines for breaches are very costly: prevent them from the start!