Law Firms Are Lacking Cybersecurity And HIPAA Compliance Standards

The results of a recent poll have been released by an industry-leading provider of cloud-based work environments for law firms. These results indicate that a surprising number of law firms lack the important security measures that are required in order to ensure HIPAA compliance. HIPAA, of course, is the Health Insurance Portability and Accountability Act, and it sets the standard for protecting sensitive patient data.

The poll, which was conducted between November 2015 and January 2016, shows that only 13 percent of the 240 law firms surveyed met the HIPAA compliance guidelines. The law firms that they surveyed, of course, were the ones that would fall under HIPAA regulations – health care, elder law, medical malpractice firms, and so on.

One of the issues law firms face is the role of vendors in their HIPAA compliance. The majority of surveyed firms indicated that their off-site backup providers follow HIPAA guidelines, but that isn’t always the case. There are a number of important questions that must be asked to ensure that vendors are always operating with HIPAA compliance in mind.

The survey found that law firms are very aware that they need to control access to personal health information (PHI), but that fewer than half of the surveyed firms actually maintain and review logs of all personnel who access PHI. This is, therefore, a critically overlooked step in terms of PHI security.

Overall, the survey also showed significant gaps in terms of the need for law firms to enhance their cybersecurity measures. Nearly half of the surveyed firms are missing critical elements including e-mail encryption and two-factor authentication. It was shown that law firms often see the technologies associated with HIPAA compliance as a burden. Clearly, more emphasis needs to be put on ensuring that firms work with providers that offer technologies that meet HIPAA standards.
