PRO+ Premium Content/Pulse

Your healthcare organization believes in a strong cybersecurity program. It employs the latest software to secure patient data, and you feel confident that the clinical files are protected against hackers. This hypothetical setup seems to be solid. The bad news? Those efforts might not comply with HIPAA. That's hard to accept in this age of constantly beefing up technologies to safeguard electronic protected health information (ePHI). But the above scenario illustrates the sometimes forgotten reality that ePHI security and HIPAA privacy obligations don't always work in parallel. "You can't have privacy without security, but you can have security without privacy," said attorney Daniel Farris, partner and co-chair of the technology group at law firm Fox Rothschild LLP. HIPAA broadly divides specifications among its Privacy and Security Rules. The privacy regulations govern how hospitals and other healthcare facilities use and share ePHI, Farris said. Meanwhile, the security provisions cover measures that curtail unauthorized ...