Healthcare is increasingly digital and mobile with electronic records, cloud computing, smart phones and tablets. With all of the benefits of technology in healthcare, there are also some downsides. One of those downsides is difficulty protecting patient personal information. Since data breaches are unpredictable, even organizations that implement security and privacy controls and are fully HIPAA compliant can suffer a data breach. According to David Finn, health information technology officer at Symantec, even with a heightened focus on data security, healthcare organizations still make mistakes. Here, Mr. Finn offers five tips to help hospitals and health systems reinforce the safety of their health information.
5 best practices for improving data security
1. Remember to conduct risk assessments. Although required by HIPAA, the risk
assessment cannot be overlooked. Data flows in and out of a hospital's EMR and
other systems in a variety of ways creating a variety of potential risks. Officials need
acute awareness of their hospital's data flow — the use and transfer of the data as well
as when and where the data leaves the hospital. A risk assessment is a critical way to
identify the risks associated with the data flow.
2. Tailor the protection to the data. Often, once officials identify the data's flow
and where it is stored, they assume it is protected and safe, says Mr. Finn. The
problem is that different data needs different data protection. If the data is never
exchanged, security like endpoint protection, which requires each computing
device to comply with certain standards before network access is granted, may not
be necessary. On the other hand, if data were exchanged, endpoint protection
would be necessary. According to Mr. Finn, it is important to understand that the
security needs to be customized. "It goes back to data security as not just an IT
issue. The right data protection entirely depends on who needs the data and how
it is used. For example, if the data is used for a research presentation it needs
different restraints and protection than if it is clinical data used by caregivers in the
active treatment of a patient. Data for a research presentation may not need the
same level of encryption," says Mr. Finn.
3. Train employees. Do not forget to train staff. "At the end of the day, health
information security is about people," says Mr. Finn. "The security is only going to
be as strong as the individuals using the systems." Physicians and clinical staff are
usually well intended when they share data because they are trying to accomplish
their jobs. However, it may not always be on their minds to protect and secure the
healthcare data. According to a study by Symantec and the Ponemon Institute,
insider negligence caused 39 percent of the data breaches in 2011, whereas
malicious attacks by a third party only caused 25 percent. Proper and repeated
training will raise the likelihood that the hospital staff remember proper security
measures. Even the CEO and the hospital groundskeepers should be trained. If
employees are trained — they know what to do and what not to do — they
become another level of protection.
4. Upgrade data loss protection tools. Obviously data can be shared in a variety of
ways — person to person, on social networking sites, by email, through hard
copies or on a USB. Mr. Finn recommends that hospitals spend the necessary
money to purchase and upgrade data protection tools because they help monitor
all the touch-points of data transfer. "Some of the data tools allow hospitals to
monitor and watch data flow in real-time. You can tighten enforcements and install
settings to flash warnings for employees before the data is emailed or shared,"
says Mr. Finn.
5. Think outside the box. Mr. Finn believes it is integral that healthcare professionals
think outside the box for ideas to protect healthcare data. Often, the cause of a
data breach is unexpected. Even organizations that complete a risk assessment,
implement security protocols and use data breach tools can experience a data
breach.
"We have to tax our minds a little bit to think of solutions from the standpoint of
how the data is used and how it is exchanged. The following questions need to be
addressed continuously as new technology emerges: Where is the data? How does
it move? Who is using the data and at what locations? What is the data's purpose?
We need to be creative in assessing the data flows and offering the right kind of
security at each transfer point," says Mr. Finn.
The vast impending growth in the field of technology has become a great leveler
in today’s times. Acroseas feels that the increase in the growth of technology
needs to be matched with the level of comprehensiveness of the solution. Security
plays a key role in defining the above and always poses a great challenge in the
backdrop of technology. There’s always a human element that breaks away the
strongest of security codes in spite of concrete and technically advanced solutions.