As a small business owner and medical practitioner, you may have some understanding about cyber security, data breaches, and expectations of privacy. Failing to understand the importance of cybersecurity compliance could result in severe consequences to your practice, from class action lawsuits to regulatory fines and penalties to loss of patients’ confidence and damaged business reputation, all of which can ultimately harm the profitability and viability of your practice.
What is Cybersecurity? Cybersecurity is the collection of activities that you undertake to protect your computer systems from unauthorized access or attack, interruption or interference in services or use, and theft or damage of systems and data. For example, you may install virus protection software on your personal computer. That is the first step. However, an important second step in order to maintain up to date security is to make sure that all updates to the software are promptly installed. At your offices, you may have installed a firewall to guard outsiders from being able to access your internal network, applications, and data within your network. Effective cybersecurity efforts include regularly installing software and hardware updates and checking the security settings to make sure that the settings are set at the right level to prevent intrusions.
Is Cybersecurity the same as Data Privacy? Many people think that cybersecurity and privacy are the same. While interrelated, cybersecurity and privacy are two distinct concepts. Generally, data privacy is an expectation that certain information will be kept confidential and protected, such as protected health information in the HIPAA context. Cybersecurity, on the other hand, are the activities that you undertake to uphold that expectation of confidentiality and protection. Cybersecurity is the “how” of data privacy.
Next article in this series: Cybersecurity Regulation - An Overview of How Cybersecurity is Regulated in the United States.
NOTE: This general summary of the law should not be used to solve individual problems since slight changes in the fact situation may require a material variance in the applicable legal advice.