CYBERSECURITY IN HEALTHCARE: SECURING PATIENT HEALTH INFORMATION (PHI), HIPPA COMPLIANCE FRAMEWORK AND THE RESPONSIBILITIES OF HEALTHCARE PROVIDERS

Authors

  • Derek A. Smith, Virginia University of Science and Technology, Vienna, VA, USA
  • Nasrullah Abbasi, School of Information Technology, Washington University of Science and Technology, Alexandria, VA, USA. https://orcid.org/0009-0009-5389-8030

DOI:

https://doi.org/10.60087/jklst.vol3.n3.p.278-287

Abstract

The healthcare industry is a major target for cyberattacks, making the protection of public health information (PHI) and Personally Identifiable Information (PII) a prime issue. In this digital era, as health organizations shift to electronic health records and telemedicine, they face major cybersecurity attacks such as ransomware, phishing, and data breaches. These attacks compromise patient privacy, pose serious risks to patient safety, and hinder healthcare operations. The Health Insurance Portability and Accountability Act (HIPAA) provides a comprehensive compliance framework to protect PHI, under which health providers shall undertake administrative, physical and technical safeguards. Despite these regulations, many healthcare providers struggle to achieve and maintain HIPAA compliance due to limited resources, outdated technologies, and the rapidly evolving nature of cyber threats. This paper explores the HIPAA compliance framework, examining the specific responsibilities of healthcare providers to secure PHI. Key measures include periodic analysis of risks, establishment of encryption and access control systems, and comprehensive employee training to minimize the risk of cyber-attacks. The study highlights a growing need for healthcare providers to adopt proactive, adaptive cybersecurity strategies to deal with emerging threats. By following HIPAA regulations and continuously updating security practices, healthcare providers can protect PHI, ensure regulatory compliance, and safeguard patient trust. The findings emphasize the role of both regulatory adherence and innovation in managing cyber risks for the healthcare sector.

Published

25-09-2024

How to Cite

Abbasi, N., & Smith, D. A. (2024). CYBERSECURITY IN HEALTHCARE: SECURING PATIENT HEALTH INFORMATION (PHI), HIPPA COMPLIANCE FRAMEWORK AND THE RESPONSIBILITIES OF HEALTHCARE PROVIDERS. Journal of Knowledge Learning and Science Technology ISSN: 2959-6386 (online), 3(3), 278-287. https://doi.org/10.60087/jklst.vol3.n3.p.278-287