HIPAA: A Case Study in SC

Published by Micheal Small on

 

HIPAA rules have been applied by the federal government to protect the data of customers, patients, and users. The introduction and enforcement of HIPPA has stemmed the flood of data breaches in business organizations and the criminals who profit from selling customer data to other companies and nefarious individuals. We have discussed what HIPAA is and its role in business in previous blogs, this blog will focus mainly on the recent violations that cyber security authorities have seen in South Carolina.

​Violation of HIPAA Rules at MUSC

A recent report revealed that the Medical University of South Carolina suspended 13 employees last year due to HIPAA violations. These employees intentionally snooped into the private data of patients, a clear violation of policy. Employee actions such as snooping, are hard to prevent. However, when an organization clearly enforces policy and takes a heavy-handed approach with security violations, they demonstrate “due care”, a requirement under most regulations.

Looking at other violations, the Department of Health and Human Services claimed that in 2017, there were 58 total data breach cases in the hospital and over the past 5 years, 307 data breach cases occurred. The number of breaches, not surprisingly, lead to the firing of 30 members of the non-physician staff but, due to MUSC acting swiftly, the authorities ignored most of these infractions.

This information may lead you to believe that MUSC was fined millions of dollars for the exposed patient information. However, we were unable to locate any information that indicates they incurred any fines. Cases such as this happen regularly, organizations can avoid fines if they act quickly in the face of a breach and demonstrate due care. Fines occur when healthcare organizations do not take patient privacy seriously but clearly, MUSC does.

​Enforcement of HIPAA Law

To clarify: all HIPAA breaches, large or small, are required to be reported to the proper channels. However, the authorities only publicly report data breach cases in which the data of over 500 individuals has been compromised.

As already seen, not all organizations are fined after a breach. Organizations, like MUSC, who take action as soon as possible and report the breach, are doing what is right by their patients and the Office of Civil Rights and the HHS recognize the effort. The lesson for companies to learn here is that breaches are going to happen but how you handle them determines your fate.

For more information…

Tandem Cyber Solutions is here to answer questions about HIPAA compliance. If you are unsure whether you business will pass a compliance audit, please reach out to us TODAY!

Contact Us by Email

Author

Micheal Small

Micheal Small
Co-founder + Ethical Hacker

​Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

Categories: HIPAAInformation Security

Micheal Small

Micheal has over 13 years combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry and his passion for the cyber world is unparalleled with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.

0 Comments

Leave a Reply

Related Posts

Information Security Penetration Testing

The Importance of a Penetration Test

As information technology professionals, we all know that system and network administrators are overworked while developers are notoriously behind schedule. This unfortunate combination causes inherent vulnerabilities to the technical infrastructure of even the most security-conscious companies in today’s market. To compensate for these risks, penetration tests have become a staple of every well-managed security program.

Information Security Insurance Insurance Data Security Act SC SCIDSA

What is the South Carolina Insurance Data Security Act, and How Does Tandem Cyber Solutions Help Their Clients?

South Carolina Insurance Data Security Act The South Carolina Insurance Data Security Act (SCIDSA) is a data security/compliance law targeting insurance industry-related businesses operating in South Carolina and those persons licensed to operate by the Read more…

Cyber Security Basics Information Security

Misconceptions about Cyber Security Attacks

Businesses often mistakenly believe they will not be targeted or that they will know when they are attacked immediately. These are deadly myths that will leave organizations unprepared for the threats out there. This week Read more…