Audits tell us that healthcare providers who fail HIPAA audits, fall short of Meaningful Use requirements, and put patients at risk often share a common oversight: They've failed to assess and secure medical devices that store and transmit electronic protected health information (ePHI).
The Problem Behind the Problem:
From pulse oximeters to CT scanners, a typical hospital averages about two medical devices per bed that collect, store, generate and transmit ePHI on a regular basis. Because these are unconventional, FDA-regulated machines, they tend to fall outside your IT department's scope of work or expertise, and are often left out of risk assessments, security analyses and compliance efforts -- an automatic violation of the HIPAA Security Rule and correct Meaningful Use attestation.
What's at Risk?
Loss or impairment of patient data.
Patient misdiagnosis or harm due to corrupted data or device malfunction.
ePHI breach averaging $2.4 million over two years (HIPAA penalties + cost of corrective action).
Disruption of other medical devices connected to the same network.
Delayed patient testing, work backlogs, patient diversion.
Financial and reputation loss following mandatory corrective action.
Corporate and personal liability.
Criminal and civil penalties.
How We Can Help:
White Paper: Reversing hidden patient safety, data security & compliance risks unique to medical devices.