Near the end of “The Firm,” an FBI agent portrayed by Ed Harris finds a lawyer portrayed by Tom Cruise, who was supposed to be working with the feds to help put away a crime family. Instead, Cruise hands over documents proving that the firm he had been working for had been overbilling clients and committing mail fraud by sending invoices in the mail. Harris asks Cruise why mail fraud. “It isn’t sexy,” Cruise says, “but it’s got teeth.”
The same can be said for data privacy compliance for companies in the healthcare industry. The Department of Health and Human Services has fined several companies in recent months for data breaches, illustrating the importance of securing data, especially when many employees are working remotely.
The number of data breaches that occurred during the first months of 2020 was 50% higher than the number reported during the same period of 2019, according to the HHS.
Three separate companies have been fined nearly $10 million for data breaches, including a stolen laptop computer that was not encrypted and two phishing attacks in which hackers gained unauthorized access to company servers and were able to download patient information, including names, dates of birth, Social Security numbers, and bank account information.
While these incidents occurred years ago, the importance of data security has increased during the coronavirus pandemic, with companies sending employees home to work remotely. That means many employees are working on their home computers through their home Wi-Fi networks while outside the careful eye of supervisors and managers.
To help companies implement best practices with respect to information and data security in today’s “new normal,” here are some tips and techniques:
* Establish a virtual private network (VPN): Virtual private networks allow users to securely connect to a company’s servers, creating an encrypted portal that allows data to be transmitted more securely.
* Two-factor authentication: Two-factor authentication or multi-factor authentication adds an extra layer of security by requiring the user to authenticate himself or herself using two different methods, such as a password and a code that is sent via text message to the individual.
* Strong password requirements: Users should be required to establish strong passwords that include upper and lowercase letters, special characters, and numbers, and to change them regularly.
* Regularly update your antivirus and malware protection software, especially the software being used by employees working from home.
* Train employees on phishing attacks and what to be wary of when receiving information via email.
* Review policies and procedures. The coronavirus pandemic is an excellent opportunity to review disaster recovery and business continuity policies and procedures to make sure they are up-to-date and reflect the current state of a business’s operations.