
5 Tips to Help Prevent HIPAA-Related Data Breaches

January 16, 2019 Healthcare

Data breaches are as prevalent as ever, with news of large-scale breaches such as Facebook and insurance company Anthem (which recently paid out $16 million over a 2015 data breach) popping up nearly every week. Medical practices, though not necessarily large targets like major corporations, are often easier targets because of the abundance of rich personal and financial data they hold.
 
Below are five ways to help avoid HIPAA-related data breaches. 

1. Analyze Risks Related to Staff and Security Procedures

At least once a year, conduct a risk analysis of your staff and your practice’s procedures. This can be quite technical, including testing firewalls and antivirus software. It also includes making sure passwords are updated and changed, all software patches and updates have been installed, and software and technology are kept up to date. Consider hiring an outside firm with expertise in HIPAA requirements to conduct this analysis. Your initial outlay will likely pay off in the long run by preventing future breaches.

2. Designate Someone to Oversee Security

Ensure a staff person handles all updates and procedures. That person also needs to educate and monitor the rest of the staff on compliance with HIPAA and security procedures.

3. Hire a Consultant

A consultant can help review procedures and technology, which are constantly changing and requiring updates. Hackers become more sophisticated every year at retrieving private data.

4. Customize Computer Toolbars with Antiphishing Applications

Some antiphishing applications can be downloaded free from the Internet and are usually system-dependent. In other words, they’re designed for Windows, Chrome, Safari or Firefox. Conduct research before you download anything from the Internet, even antivirus and antiphishing apps. Reviews will generally give you a good idea of which ones to stay away from.

5. Be Skeptical and Suspicious 

We tend to view hackers as people who use computers to break into systems and steal information. But, in fact, a lot of hackers use social engineering to deceive people into giving up confidential or personal information. Examples of social engineering include emails and phone calls that appear to come from vendors and companies, suggesting your passwords or other vital information need to be updated and that you should click through to a website to do so. This is a common way for hackers to gain access to your passwords and systems, so be wary of any such links. Be cautious about providing any information over the phone, and alert your staff to this as well. And don’t forget, one of the most common causes of data breaches is stolen laptops!

Health care institutions are tempting targets. In 2017, Detroit’s Henry Ford Health System had 18,470 patient records stolen. In July 2018, a virus attacked Arkansas Oral Facial Surgery Center, keeping the practice from accessing images, files and notes related to 128,000 patients. For your practice’s safety and your patients’ protection, take precautions.
 
Please contact a member of your service team, or contact Kathy Walsh at kwalsh@cohencpa.com for further discussion.
 

Cohen & Company is not rendering legal, accounting or other professional advice. Information contained in this post is considered accurate as of the date of publishing. Any action taken based on information in this blog should be taken only after a detailed review of the specific facts, circumstances and current law.
 
 
