As emerging technology changes the landscape of information security in healthcare, health organizations must ensure that their policies stay up to date to protect the privacy and security of patient information.
According to a joint study conducted by Information Security Media Group and email data security company Zix Corp., many healthcare organizations believe they are meeting this goal, but key findings of the survey highlight how unprepared many organizations are and reveal several developing trends that healthcare providers should know about.
1. Awareness of Emerging Threats
Over a quarter (28 percent) of survey respondents agreed that while hackers are a significant threat, the bigger security risk comes from in-house employees failing to meet basic security standards. Proper training of personnel is essential for HIPAA compliance.
2. Shifting Priorities
While the U.S. Department of Health and Human Services (HHS) is prioritizing EHR interoperability, survey respondents indicated that other issues were of more concern:
- Increased regulatory compliance
- Better security awareness and training
- Prevention and detection of breaches
- Updating business continuity/disaster strategies
- Monitoring HIPAA compliance of associates
3. Mobile Protection
Lost or unencrypted mobile devices are often the culprit behind data breaches. The best way to avoid unauthorized access is to keep privileged data off mobile devices when possible, and to maintain good security practices when mobile use is unavoidable.
4. Restrict Data Access
Increased regulation of data access is necessary to improve security. This includes multi-factor authentication, encryption of remotely accessed data, and restriction of who has access to confidential information.
5. Better Risk Assessments
Thorough assessments of risk are necessary for HIPAA compliance. These audits typically result in updated and revised security practices, including the use of new security technology and educational initiatives.
6. No Cloud Confidence
Only 64 percent of survey respondents store data in the cloud, reflecting a fear of unauthorized remote access of privileged data. Only one-third of respondents claimed confidence in their vendor’s security standards.
7. Better Security Strategies
While security frameworks and policies are essential to information privacy, survey respondents revealed that 40 percent of organizations still lack a documented security strategy.
8. Trained Staff
With the prevalence of IT breaches that occur in-house, proper training of staff is essential. This includes appointing a chief information security officer to oversee IT security, preferably an employee who knows security issues in healthcare and has security auditing experience.
At iBridge, security is a serious topic, and we continue to learn and provide information to the industry at large. If you have a question about HIPAA assessments, compliance requirements, or other security topics, feel free to contact us.
Written by Dean Van Dyke, Vice President, Business Process Optimization
Dean Van Dyke is the Vice President of Business Process Optimization for iBridge. He brings more than 18 years of customer relations, business process outsourcing, lean six sigma, program/project management, records management, manufacturing, and vendor management experience to iBridge. Mr. Van Dyke was the former head of Microsoft’s corporate records and information management team, and served honorably for over fourteen years in the U.S. Navy and Army National Guard. He received his Bachelor of Science in Business Administration from the University of South Dakota and his Master’s in Business Administration from Colorado Technical University.