99MGMT Blog

11 HIPAA Technical Safeguards to Improve Healthcare Data Security

Posted by 99 MGMT on


In recent years, the FBI gave a clear warning.

Healthcare is especially vulnerable to cyber attacks. Data breaches put patients in harm's way. Protecting patients' PHI is essential.

When you see warnings like these, it's easy to think you're immune.  You don't need HIPAA technical safeguards, right? This only happens to huge health systems...right? Wrong. The fact is, no one is immune. On average, practices just like yours end up paying $363 per stolen record. In addition, patients pay dearly.

HIPAA IT compliance is the law. HIPAA data security is the answer. Let's take a look at 11 safeguards you should implement now to protect ePHI.

11 HIPAA Technical Safeguards That Will Improve Your Data Security

These 11 data security tips require three main courses of action:

  1. Promptly install patches
  2. Keep your antivirus tools up-to-date on ALL devices used by employees in your office
  3. Do a complete risk assessment

Promptly Install Patches

Hackers constantly probe for vulnerabilities in popular healthcare software. When a software provider identifies a vulnerability, they immediately create a patch, then notify their customers to download the patch, but many customers wait, leaving them vulnerable longer.

Many delay because they are concerned about wasting time or resources, but the resources needed to manage a breach are much greater.

Some safeguards that prevent this include:

1) Track who hasn't downloaded the patch and follow up

2) Set up a HIPAA data security cloud-based system in which the software only has to be updated in a central location

Keep Antivirus Tools Up-to-Date on Every Device

It only takes one vulnerable device to cause a breach. It could be a laptop that the office manager takes home on the weekends, a smartphone, or a desktop.

The HIPAA technical safeguards you need are to:

3) Be aware of which devices are accessing the network

4) Only allow authorized devices to access data

5) Keep virus protection up-to-date on those devices

6) Set up/run regular virus scans to catch viruses that may get through

7) Promptly deactivate remotely any device that is lost/stolen

You can read about the consequences of HIPAA non-compliant device usage here: 4 Social Media HIPAA Violations That Are Shockingly Common

Do a Complete Risk Assessment

A data breach means lost revenues; bad reviews overtake review sites, and patients who were once loyal go elsewhere. Not protecting HIPAA ePHI is a gross violation of trust.

However, demonstrating that you take steps to protect PHI, increases patient referrals and revenues.

The safeguards you need in place are to:

8) Identify who has access to what

9) Establish where HIPAA IT compliance isn't at its best

10) Implement more effective strategies to secure HIPAA ePHI

11)  Set up tiered access to limit PHI access on a need-to-know basis

You can find a HIPAA compliance checklist here for a more comprehensive guide to risk assessment.

If you’re not sure how to conduct a productive risk assessment, you can ask compliance & liability experts to do this for you.

Here’s an article on HIPAA Security Risk Assessments as a refresher.


HIPAA Technical Safeguards

HIPAA security shouldn't make it hard to take care of patients. The right security won't. Effective systems take the security worries out of the equation.

Learn more about how we can help you put your focus on providing exceptional patient care while we do the rest.

Get HIPAA Compliance Checklist

Leave a Comment


  • There are no suggestions because the search field is empty.

Recent Posts