First few Article Sentences
Every hospital should undertake a comprehensive review of the effectiveness and legal adequacy of their current data privacy and cybersecurity plan. This plan should encompass HIPAA protections and should also extend to any data required to be protected under federal or state law. Ensuring the protection of Protected Health Information (“PHI”) under HIPAA, although critical to any data privacy and cybersecurity plan, is not alone sufficient. Other data, such as patient financial information and credit card information (Personally Identifiable Information (PII)), must also be protected.