HHS Office for Civil Rights warns of potential risks with file sharing, HIPAA

By ASN Staff

“The Department of Health and Human Services’ Office for Civil Rights has recently issued a reminder to covered entities and business associates of the potential risks associated with file sharing and collaboration tools, explaining the risks these services can introduce and how covered entities can use these services and remain in compliance with HIPAA Rules”.

They understand that file sharing tools and cloud computing services incorporate protections to ensure data is secured, but human error has led to misconfigurations in the past which have caused data breaches.

“A Metalogix survey conducted by the Ponemon Institute revealed that one in two companies that uses the file sharing tool SharePoint had a confirmed data breach within SharePoint in the last 24 months. That doesn’t mean that SharePoint should not be used, nor that healthcare organizations should avoid other cloud and file sharing tools. If these cloud services and tools are to be used, covered entities and business associates must conduct a thorough risk analysis to identify potential risks to the confidentiality, integrity and availability of ePHI. Risk management policies must then be adopted to ensure those risks are reduced to an acceptable level”.

Please read the full article for more.

Category:
Subcategory:
Author:
ASN Staff
Article Image:
Body:

“The Department of Health and Human Services’ Office for Civil Rights has recently issued a reminder to covered entities and business associates of the potential risks associated with file sharing and collaboration tools, explaining the risks these services can introduce and how covered entities can use these services and remain in compliance with HIPAA Rules”.

They understand that file sharing tools and cloud computing services incorporate protections to ensure data is secured, but human error has led to misconfigurations in the past which have caused data breaches.

“A Metalogix survey conducted by the Ponemon Institute revealed that one in two companies that uses the file sharing tool SharePoint had a confirmed data breach within SharePoint in the last 24 months. That doesn’t mean that SharePoint should not be used, nor that healthcare organizations should avoid other cloud and file sharing tools. If these cloud services and tools are to be used, covered entities and business associates must conduct a thorough risk analysis to identify potential risks to the confidentiality, integrity and availability of ePHI. Risk management policies must then be adopted to ensure those risks are reduced to an acceptable level”.

Please read the full article for more.

Area(s) of Interest: