In January, the Health Information Technology for Economic and Clinical Health Act (HITECH) was amended to include measures designed to enforce compliance with both HITECH and HIPAA. 
 

Going forward, the Department of Health and Human Services (HHS) will have to determine if a company has adequate security practices in place when making considerations about fines and penalties. 
 

For example, if a company suffers a data breach, the HHS would look to see if the company took correct remedial action, such as implementing a security framework. Other factors that will be considered include previous compliance audits and violations within the course of 12 months. 
 

Essentially, companies need to implement recognized cybersecurity practices or else risk hefty fines for non-compliance. 
 

Known as HR 7898 or the HIPAA Safe Harbor Bill, the amendment was passed unanimously by the Senate. Data breaches in the healthcare sector remain an ongoing concern, with healthcare breaches accounting for 79% of all cyberattacks. 

What You Can Do To Comply

 
The best course of action healthcare companies can take is to adopt a recognized security framework, like the one developed by the National Institute of Standards and Technology (NIST), and implement immediate data protection measures like data masking to safeguard patient data. 
 

The widely-used NIST framework helps organizations take privacy into account during design and deployment and promote cross-organizational collaboration around data privacy. Another recommended security framework is the healthcare-specific HITRUST framework, geared towards helping healthcare companies meet the compliance requirements of HIPAA.
 

Data privacy tools play an important part in any security framework. Implementing a data protection solution like data masking is an essential security practice as it ensures sensitive data like protected health information (PHI) is safeguarded before it falls into the wrong hands. 
 

Data masking protects PHI by de-identifying or ‘masking’ certain values. There are various types of data masking methods that can be employed such as shuffling, dynamic data masking, substitution, and on-the-fly. Dynamic data masking, for example, will only mask certain pre-defined elements, like the last four digits of a credit card. The data will look legitimate, but it cannot be used for fraudulent purposes. 
 

Acting quickly and implementing strategic security processes will help companies keep in line with the requirements of healthcare privacy laws like HIPAA and HITECH. However, with data breaches in the healthcare sector and public concern over data privacy increasing, adopting a customer-first approach is the best way to ensure protecting customer and patient health information always takes top priority. 
 

Hush-Hush Data Masking is a recognized data protection tool that helps healthcare businesses stay on the right side of HITECH compliance. Our easy-to-integrate software is designed to work with your existing systems and security frameworks seamlessly and takes the hard work out of maintaining compliance.
 

Request a free demo today.