Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

Employees Are Your Biggest HIPAA Vulnerability

While 2015 was accurately dubbed “The Year of the Healthcare Hack”, according to Experian’s 2016 Data Breach Report, 2016’s largest threat hits much closer to home – it’s your own employees.

The Experian report states, “While large breaches may be compromising millions of people’s records in one fell swoop, smaller incidents caused by employee negligence will also continue to compromise millions of records each year.” Experian predicts that these employee driven breaches will actually cause more damage.1

These smaller incidents collectively put you at a risk for an OCR audit, which in addition to being a distraction from your business can also lead to fines and penalties. Even if there are no fines or penalties, a minor breach can add up in legal fees, customer notices and above all the cost of customer retention communication.

In most cases these are not malicious employee breaches. The majority will be caused by lack of understanding and complacency. The first is very easy to address, you train and test your employees on your HIPAA Policies and Procedures, as required by HIPAA, so they understand the role they play in protecting health information they touch..

Complacency can be a little more difficult to remedy. Once you have trained your employees on your Policies and Procedures, they go back to their daily routine. Initially, they are more aware of HIPAA and protecting important data, but after a short while they let down their guard. After all, they know their job; they know your customers and a breach has never happened before so they begin to feel immune to the potential dangers. Fortunately, there are two steps you can take to keep your employees sharp:

  1. Educate them about the Value of Healthcare Data – It can be difficult for employees to understand why anyone would go to great lengths to get this health information. Helping them see what that data is worth in the wrong hands will give them more of an appreciation for the Policies and Procedures you’ve put in place to protect it.
  2. Remind them regularly – To maintain your HIPAA compliance, all of your employees should be trained annually, but it is unrealistic to expect them to keep that information at the top of their minds long term. Brief monthly trainings or reminders that touch on just one piece of your Policies and Procedures can be enough to make HIPAA a priority all year long.

Employee breaches may be the biggest threat to healthcare data this year, but it doesn’t have to affect you. The Experian Report points out that, “Organizations that implement regular security training with employees and a culture of security committed to safeguarding data will be better positioned for success.”1

1“Third Annual 2016 Data Breach Industry Forecast.” Experian 2016 Data Breach Industry Forecast. Web. 16 Mar. 2016. http://www.experian.com/data-breach/2016-data-breach-industry-forecast.html.

Sharing is caring!


Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!


Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)