The following is written by Marion K. Jenkins, PhD, FHIMSS, founder and CEO of QSE Technologies.
It is becoming increasingly common to hear reports of state-sponsored cyberattacks, allegedly originating from some large foreign countries and entities. While many of the targets have been federal agencies and quasi-governmental entities like the International Olympic Commission, others seem to indicate corporate espionage may be involved. There have also been numerous reports of breaches involving consumers, including Citi recently reporting a breach of between 200,000 and 300,000 client accounts. This has shined a light on the growing issue of financial fraud perpetuated through business networks.
Federal legislation is being proposed to significantly increase the ability to prosecute cybercriminals, and to gain uniformity across dozens of state cybersecurity laws and regulations. The legislation is designed to protect vital government and private-sector IT infrastructure. It is necessary.
What does that have do to with business, especially small business? Part of the process of prosecution is going to be identifying and reporting these breaches. Interpretation: businesses are going to have to report breaches. In addition, some of the hearings in Washington, D.C., before the joint House/Senate Select Committee have used language like "personally-identifiable information" and other terms that sound very much like the language in HIPAA.
The upshot of all this is that you will likely soon see federal legislation that requires business of all types and sizes to protect their data and report breaches to the federal government. Obviously, failure to do so will result in fines and sanctions.
Some people think this represents "HIPAA meets OSHA."
It behooves every business to get their IT house in order, and to implement the proper security standards to protect their vital business and customer data, prior to being forced to do so by the feds.
Marion K. Jenkins, PhD, FHIMSS, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com or contact Marion at marion.jenkins@qsetech.com.
More Articles Featuring QSE Technologies:
New HIPAA Fines Can Be Seven Figures
HIPAA Enforcement … With Teeth