Horror Stories from Million-Dollar Noncompliance Security Mistakes
Chicago partner Ken Dort and associate Sumaya Noush co-authored an article titled “Horror Stories from Million-Dollar Noncompliance Security Mistakes” for Chiropractic Economics.
In their article, Ken and Sumaya point out that when a HIPAA covered entity is deciding which security measures to use, the HIPAA Security Rule does not dictate those measures but rather requires the covered entity to consider a number of factors, including the likelihood and possible impact of potential risks to electronically stored personal health information. Notably, in the event of a breach absent the use of encryption, the provider would have to justify to HHS why encryption’s absence was “reasonable and appropriate” for its situation. The reality is that underlying software and system hardware have been advancing to make encryption more viable — particularly in the face of the ever-growing threat of data breach in the health care field — leaving those providers opting against encryption with little room for acceptable explanations.
The material contained in this communication is informational, general in nature and does not constitute legal advice. The material contained in this communication should not be relied upon or used without consulting a lawyer to consider your specific circumstances. This communication was published on the date specified and may not include any changes in the topics, laws, rules or regulations covered. Receipt of this communication does not establish an attorney-client relationship. In some jurisdictions, this communication may be considered attorney advertising.
Meet the Authors
