An article on Businessweek.com today suggests that healthcare companies rank worse than financial institutions, utility companies and even retailers when it comes to cybersecurity. This is particularly frightening news given the intense focus on healthcare data security under HIPAA for a number of years now. By now, healthcare companies and providers should be well aware of the requirements of HIPAA and should have appropriate safeguards in place that meet or exceed the HIPAA requirements. At its core, HIPAA requires that health information be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate use or disclosure. What safeguards are reasonable will depend on the facts and circumstances. If you’re still not sure what you are supposed to be doing to protect your patients’ health care data, it’s probably a good time to conduct an audit of your policies, procedures and systems to be sure they are compliant.