As a healthcare provider, the last thing you’d want is your patient’s personally identifiable information landing up in some unscrupulous hands. According to April 14 issue of JAMA (The Journal of American Medical Association), there has been an increase in data breaches of protected health information for HIPAA covered entities during 2010 – 2013. That is alarming to say the least. What could CIOs and CTOs be looking at to protect their organizations against such security breaches? Here are 5 steps which could help provide protection.
- Is your architecture complying with laid norms?
Perhaps the first step is to check if the way you manage sensitive health data is complying by laid Health IT norms? The healthcare compliance framework is complicated, with many frameworks and standards that need to be adhered to from a security perspective, including HIPAA, HITECH, and PCI DSS. Conduct a thorough enquiry on what possible gaps there could be and what remedies are required to fully comply with the standards.
- Is your data encrypted appropriately when being transferred or stored?
As the world is moving towards a collaborative form of working, sharing of information will become central to better patient care. The question really is whether the data being shared is encrypted properly or not? Proper encryption and tokenization is a must in safeguarding data in transfer and storage. The decryption tools should be stored in a device or a location separate from the data. Might sound elementary, but it’s surprising how frequently the “lock and key” in common parlance are found together! Encryption ensures that even in the event of a data breach, the information cannot be leveraged or misused because it is not readable. Choosing the right encryption complexity is important, so that breaking into a compromised but encrypted data becomes a difficult task, helping the IT organization buy time.
- Are there legacy systems? How secure are they?
As your systems keeping pace with changes in hardware and software? If you still use some legacy systems, the points of vulnerability from a data security point of view might reside there. Conduct a data security audit for your legacy Health IT systems to understand whether you have all breach possibilities covered or not.
- Pay attention to information end points!
It is desirable to provide users of information, easy access through the use of the web, mobile apps and so on. However, the flip side is that these end points increase the risk of breach. Do these end points expose your system in any manner? That should be an important consideration, especially in the context of today’s connected world.
- Access Control and Permission Management in Cloud
Access management grants authorized personnel the right to use a service while keeping non-authorized users out, should extend to your cloud solution. A “role-based” permission system is a scalable way to define what activities a user is allowed to execute. Have a look at who in your organization has what kind of access rights.
At Adroitent, our team is well versed with the security technologies and standards. Our experience of answering practical security questions has equipped us to help CIOs and CTOs improve their health data security. For more details, reach out to firstname.lastname@example.org and we’d be happy to consult you.
Until then, keep your health data secure by following the 5 simple steps defined above!