Analecta Cyber Company Blog: Risk Management Survey

2016-04-12

Risk Management Survey


In April, Analecta Cyber will be conducting a telephone survey of the local healthcare industry. Analecta, a Maryland small business specializing in cyber security services, wants to better understand how small and medium-sized healthcare practices integrate cyber risk management into their existing HIPAA risk management plans.


Recent events like the MedStar intrusion and the Hollywood hospital ransomware incident highlight the critical importance of including comprehensive cyber risk management in your practice's HIPAA Privacy and Security compliance program. Many practices don't realize that cyber risk should already be managed through a practice's required HIPAA risk management plan.

HHS is able to levy hefty fines for ignoring cyber security risks and has initiated proactive audits in 2016. HHS already issues fines for violation of patient privacy based on the reasonableness of the loss of protected health information. For example, fines for the accidental dissemination of a record to the wrong patient can be minimized if the practice is following all appropriate due care and ensuring recurring HIPAA compliance training.

There is an even higher financial risk for providers that store patient health information on computers. Many practices are not integrating technical and security safeguards into their risk management documentation. Inadequate documentation may result in very large fines. The maximum fine possible under the HHS compliance program is $1.5 million.

Analecta understands the human factor associated with all technical solutions. This survey is our attempt to understand how small and medium-sized healthcare practices integrate cyber risk into the many competing priorities of running a successful business. If you'd like to participate in the survey, please contact us at info@analecta-llc.com and provide your name, phone number, and the best time to call.