It’s not just the financial industry that faces risks from cybercriminals; healthcare organizations, with their massive databases full of personal information, have become common targets as well. Compliance specialists and leaders will have their work cut out for them in the coming year.

“We are seeing a significant number of cyber breaches and ransomware,” says Gerry Blass, President and CEO of ComplyAssistant, which provides HIPAA compliance solutions. “In some cases we see pure destruction of healthcare information networks that causes significant downtime of critical systems and devices that could even result in threats to the lives of patients.”

In light of increased threats, here’s what compliance officers will be dealing with in 2018.

Managing Risk

Compliance officers will need to think strategically in the new year and work closely with other leaders to protect the organization. Partnering with IT, risk management and other internal experts will be key in the coming year for compliance specialists.

“Healthcare organizations need to understand that it’s not a matter of if an Equifax-like breach will occur but how they are able to manage business continuity when a breach happens,” says Lee Barrett, Executive Director of the Electronic Healthcare Network Accreditation Commission, a nonprofit standards-development organization and accrediting body for organizations that electronically exchange healthcare data.

Healthcare organizations will need to embrace risk-management strategies and to carefully go over security frameworks, he says. “We also have to take a hard look at accounting for medical devices as well as examine [bring your own device] protocol frameworks, which bring about their own set of challenging issues with respect to security and privacy compliance.”

Stepping Up Training

The majority of data breaches are caused by human error, says Jay Hodes, President of Colington Consulting, a HIPAA compliance consultant. “With the ever-growing threat of ransomware and phishing attacks in the healthcare sector, organizations need to do a better job in training their workforce in 2018,” he says.

Compliance specialists can take the lead in advocating for more training, as they understand well what’s at stake. “Education is critical in recognizing the threat, and continued awareness on best practices to safeguard protected health information must be a priority in the coming year,” Hodes says.

Adopting “Meaningful Use”

New regulations that have been phased in voluntarily over the past few years are now mandatory, and by January 2018 those will include Stage 3 meaningful-use requirements. “Many providers are not adequately prepared for this,” says Nick Merkin, Chief Executive Officer of Compliagent, a healthcare compliance consulting firm.

Now is the time to double-check that you’re ready. “These new requirements mandate that all hospitals and eligible healthcare professionals use certified EHR systems in order to receive certain payments,” Merkin says. If you’re not compliant, those payments are at risk.

Fighting Medicare Fraud

Recent high-profile fraud cases have made enforcement a priority, Merkin says. “Medicare fraud remains squarely in the sights of federal investigators, especially after news broke this past summer of a successful reimbursement fraud enforcement operation against over 300 people nationwide totaling almost a billion dollars,” he says. Investigators are likely to push even harder in 2018.

“Providers should be adequately prepared and have the right documentation in line to respond to audits and investigations or risk substantial fines and penalties,” Merkin says. Review your processes to ensure you remain compliant.

Technology, regulations and other challenges will loom large for compliance leaders in 2018. Ensuring your systems and processes are up-to-date will help keep you ahead of those challenges throughout the year.