August 23, 2019

Horror Stories from Million-Dollar Noncompliance Security Mistakes

Chicago partner Ken Dort and associate Sumaya Noush co-authored an article titled “Horror Stories from Million-Dollar Noncompliance Security Mistakes” for Chiropractic Economics.

In their article, Ken and Sumaya point out that when a HIPAA covered entity is deciding which security measures to use, the HIPAA Security Rule does not dictate those measures but rather requires the covered entity to consider a number of factors, including the likelihood and possible impact of potential risks to electronically stored personal health information. Notably, in the event of a breach absent the use of encryption, the provider would have to justify to HHS why encryption’s absence was “reasonable and appropriate” for its situation. The reality is that underlying software and system hardware have been advancing to make encryption more viable — particularly in the face of the ever-growing threat of data breach in the health care field — leaving those providers opting against encryption with little room for acceptable explanations.

