HHS has begun conducting surprise audits of hospitals' compliance with HIPAA's security and privacy rules as health care organizations report an increase in cyberattacks and security breaches, NetworkWorld reports.
SecureWorks, a security services firm, reported an 85% increase in the number of attempted Internet hacker attacks against its health care clientele from the first half of 2007 to the last half of 2007.
"There is definitely an uptick in attacks," John Halamka, CIO of Beth Israel Deaconess Medical Center and Harvard Medical School in Massachusetts, said.
Halamka said he has not seen evidence that attackers are targeting health care networks to steal patient data for financial gain, but other security experts say the trend is well under way.
According to NetworkWorld, health care organizations are increasing their efforts to protect electronic patient data because they recognize that data breaches harm patients as well as the organizations' own reputations.
HIPAA Audits
HHS, which oversees HIPAA compliance, has contracted with PricewaterhouseCoopers to conduct surprise audits of hospitals, according to Gartner analyst Barry Runyon.
The audits will focus on security risks associated with remote access to data and portable storage concerns.
Last month, CMS Director Tony Trenkle announced that the first 10 or so reviews will take place at hospitals where CMS has received complaints about security.
CMS plans to publish the audit results on its Web site. However, the agency will not include the organization's name unless major lapses are uncovered. Such breaches could result in fines or other penalties.
HHS announced last month that Piedmont Hospital in Atlanta was the first hospital to receive an unannounced HIPAA security audit (Messmer, NetworkWorld, 2/27).