Healthcare organizations are collecting a wider range of information than ever before. At the same time, threats to data privacy and security are rising at an equally fast pace. Healthcare systems need to manage risk effectively as sensitive patient information if released or becomes public is not easy to fix and can be very financially damaging to an organization.
Finance, IT, risk management and compliance leaders need to come together and analyze potential risk. They need to develop policies and procedures to help prevent attacks and to manage breaches should they happen. A recent article in Healthcare Financial Management provided several strategies from security experts to keep a healthcare organization’s information systems and protected health data secure.
7 Tips to Keep Healthcare Information Protected
- Educate employees on safe email practices. Teach employees not to click on links in emails from unknown addresses, how to create strong, unique passwords and to disable unused accounts.
- Educate leadership about cybersecurity threats. Company executives need to understand what is required from an investment standpoint to properly defend against modern threats.
- Invest in network monitoring. Use monitoring to detect the transfer of data to suspicious internet protocol addresses where cyberattacks may originate.
- Use two-factor authentication. This practice grants access only after users provide a password and another piece of user information, making it harder for potential data thieves to get behind firewalls.
- Encrypt information on mobile devices and laptops. Protect vulnerable data with this backup defense strategy incase first-line defenses fail.
- Regularly update business associate agreements. Review policy and security requirements with third parties to review accountability and breach reporting mandates relative to protected health information.
- Be alert and ready to respond. Have a team in place to respond to any breaches to assess damages and prevent future occurrences.
It is going to be an ongoing process for healthcare organizations to keep their data secure. There is never going to be a way to completely lockdown all the systems involved, but providing employees, physicians, third party vendors, etc. with best practices and regular communication about cybersecurity will keep the importance of this topic foremost in everyone’s minds.
Source: Healthcare Financial Management. Managing Cybersecurity Threats. 2017.