Trillium Insights

Thoughts and Insights from Trillium's Practice Leaders

Am I Secure, Where Do I Start?


If your business is responsible for maintaining the privacy of Protected Health Information (PHI), you are inevitably familiar with the Health Insurance Portability and Accountability Act (HIPAA) data security regulations. HIPAA governs the sharing of such information, both for electronic and paper records. As your company grows, it is important to ensure that the data under your control is secure. Failure to properly protect this information can adversely impact both your reputation and your bottom line, as indicated by the numerous news reports concerning data security breaches.
What are some activities that will help to secure your data and environment? They include analyzing the current state of your security so that issues are brought to the surface. Specifically, a HIPAA assessment of your security framework can be executed, creating a risk assessment for the organization. The resulting assessment can be used to prioritize security tasks, along with a security roadmap and a plan for mitigating the highest priority tasks. Benchmarking your risks against industry averages will help your organization adequately analyze its security. All these activities can be used to create a security capability scorecard that gives a total picture of your organization.

   
Once you understand your security profile, a risk reduction program can be tailored to your requirements.  The program could include software monitoring products as well as modifications to your process flows.  In addition, the resulting HIPAA documentation for your organization can be used going forward to further help reduce your security risk profile.    


According to recent research, 43% of organizations that understand their cybersecurity profiles and have the appropriate processes and technologies in place can recover from potential breaches within hours. This may well be the differentiating factor in securing your company’s HIPAA data and reputation.

It is often prudent to bring in impartial experts from outside your organization to review your cybersecurity and HIPAA compliance. Trillium's Cybersecurity and Privacy Practice can help to secure your PHI to ensure that your security exposure is minimized.