ENTtoday
  • Home
  • COVID-19
  • Practice Focus
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Departments
    • Issue Archive
    • TRIO Best Practices
      • Allergy
      • Facial Plastic/Reconstructive
      • Head and Neck
      • Laryngology
      • Otology/Neurotology
      • Pediatric
      • Rhinology
      • Sleep Medicine
    • Career Development
    • Case of the Month
    • Everyday Ethics
    • Health Policy
    • Legal Matters
    • Letter From the Editor
    • Medical Education
    • Online Exclusives
    • Practice Management
    • Resident Focus
    • Rx: Wellness
    • Special Reports
    • Tech Talk
    • Viewpoint
    • What’s Your O.R. Playlist?
  • Literature Reviews
    • Allergy
    • Facial Plastic/Reconstructive
    • Head and Neck
    • Laryngology
    • Otology/Neurotology
    • Pediatric
    • Rhinology
    • Sleep Medicine
  • Events
    • Featured Events
    • TRIO Meetings
  • Contact Us
    • About Us
    • Editorial Board
    • Triological Society
    • Advertising Staff
    • Subscribe
  • Advertise
    • Place an Ad
    • Classifieds
    • Rate Card
  • Search

Why HIPAA, Protected Health Information Cybersecurity Best Practices Are Critical in COVID-19 Era

by Steven M. Harris, Esq. • October 19, 2021

  • Tweet
  • Email
Print-Friendly Version
  • What if a healthcare professional providing telehealth services has their device stolen or compromised?
  • How will a healthcare organization respond to a data breach when its cybersecurity employees are working remotely?
  • Is there an emergency plan in place that contemplated both a remote and in-person workforce, and has a functional security incident response team and security incident response plan been implemented?
  • If a healthcare professional is providing telehealth services from a location outside the office, is the wireless internet connection that’s being used secure, and is the healthcare professional in a non-public location?
  • If a healthcare professional needs to step away from their device during a telehealth visit or while working remotely, will the device log off automatically within a reasonable period of time?
  • Are healthcare professionals and support staff properly trained to identify correspondence threats, such as email phishing and ransomware?

These scenarios are meant to identify potential breach vulnerabilities, but they shouldn’t necessarily be cause for concern. In the COVID-19 era, healthcare providers should take time to reevaluate their policies, protocols, and procedures to ensure they address the types of scenarios described above.

You Might Also Like

No related posts.

Explore This Issue
October 2021

It stands to reason that cybersecurity risks are here to stay, but organizations that have contemplated and formally established policies related to threat management will be best prepared to address and resolve breaches. The best practice is to make sure the scenarios above, as well as other scenarios that an organization’s executive team can reasonably expect to face, are addressed prior to their occurrence.

Healthcare organizations may also choose to reevaluate their third-party vendors and internally audit their cybersecurity capabilities. In the COVID-19 era, the following outside vendors should be scrutinized for effectiveness:

  • Internet, data, and cellular services;
  • Firewall and malware protection;
  • Cloud storage;
  • Password protection services;
  • Email and communications services; and
  • Document management software.

The above services may already be adequate, but the best practice is to have a refreshed and informed view of the scope of cybersecurity services being performed and how those services, both independently and as a part of an overarching security plan, fit into a provider’s operations.

Further, internal audits of policies and procedures related to the procurement and ongoing maintenance of third-party services can assist in ensuring an organization is taking adequate measures to effectively leverage third-party expertise alongside internal expertise in its cybersecurity efforts.

In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended to require the Department of Health and Human Services (HHS) to incentivize the use of cybersecurity best practices. Specifically, the legislation requires HHS to take into consideration a covered entity’s or business associate’s use of industry-standard security practices (i.e., recognized security practices) within the past year, when investigating allegations of noncompliance with the HIPAA rules and undertaking enforcement actions.

Pages: 1 2 3 4 | Single Page

Filed Under: Departments, Legal Matters Tagged With: COVID19, cybersecurityIssue: October 2021

You Might Also Like:

The Triological SocietyENTtoday is a publication of The Triological Society.

The Laryngoscope
Ensure you have all the latest research at your fingertips; Subscribe to The Laryngoscope today!

Laryngoscope Investigative Otolaryngology
Open access journal in otolaryngology – head and neck surgery is currently accepting submissions.

Classifieds

View the classified ads »

TRIO Best Practices

View the TRIO Best Practices »

Top Articles for Residents

  • Do Training Programs Give Otolaryngology Residents the Necessary Tools to Do Productive Research?
  • Why More MDs, Medical Residents Are Choosing to Pursue Additional Academic Degrees
  • What Physicians Need to Know about Investing Before Hiring a Financial Advisor
  • Tips to Help You Regain Your Sense of Self
  • Should USMLE Step 1 Change from Numeric Score to Pass/Fail?
  • Popular this Week
  • Most Popular
  • Most Recent
    • What Happens to Medical Students Who Don’t Match?
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • Why We Get Colds
    • Rating Laryngopharyngeal Reflux Severity: How Do Two Common Instruments Compare?
    • Some Challenges Remain to Having a Universal Resident Leave Policy, But Otolaryngology Programs Are Getting Closer
    • The Dramatic Rise in Tongue Tie and Lip Tie Treatment
    • What Happens to Medical Students Who Don’t Match?
    • Rating Laryngopharyngeal Reflux Severity: How Do Two Common Instruments Compare?
    • Vertigo in the Elderly: What Does It Mean?
    • Neurogenic Cough Is Often a Diagnosis of Exclusion
    • Why We Get Colds
    • Are the Jobs in Healthcare Good Jobs?
    • What Really Works in Functional Rhinoplasty?
    • Is the Best Modality to Assess Vocal Fold Mobility in Children Flexible Fiberoptic Laryngoscopy or Ultrasound?
    • Three Primary Treatment Strategies Show No Differences in Swallow Outcome for Patients with Low- to Intermediate-Risk Tonsil Cancer

Polls

Do you have physician assistants in your otolaryngology practice?

View Results

Loading ... Loading ...
  • Polls Archive
  • Home
  • Contact Us
  • Advertise
  • Privacy Policy
  • Terms of Use
  • Cookie Preferences

Visit: The Triological Society • The Laryngoscope • Laryngoscope Investigative Otolaryngology

Wiley
© 2023 The Triological Society. All Rights Reserved.
ISSN 1559-4939