Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

5 best practices for improving data security

342 views

Published on

Healthcare is increasingly digital and mobile with electronic records, cloud computing, smart phones and tablets. With all of the benefits of technology in healthcare, there are also some downsides. One of those downsides is difficulty protecting patient personal information. Since data breaches are unpredictable, even organizations that implement security and privacy controls and are fully HIPAA compliant can suffer a data breach. According to David Finn, health information technology officer at Symantec, even with a heightened focus on data security, healthcare organizations still make mistakes. Here, Mr. Finn offers five tips to help hospitals and health systems reinforce the safety of their health information.

Published in: Health & Medicine
  • Be the first to comment

  • Be the first to like this

5 best practices for improving data security

  1. 1. 5 Best Practices for Improving Data SecurityHealthcare is increasingly digital and mobile with electronic records, cloudcomputing, smart phones and tablets. With all of the benefits of technology inhealthcare, there are also some downsides. One of those downsides is difficultyprotecting patient personal information. Since data breaches are unpredictable, evenorganizations that implement security and privacy controls and are fully HIPAA compliantcan suffer a data breach. According to David Finn, health information technology officerat Symantec, even with a heightened focus on data security, healthcare organizations stillmake mistakes. Here, Mr. Finn offers five tips to help hospitals and health systemsreinforce the safety of their health information.1. Remember to conduct risk assessments. Although required by HIPPA, the riskassessment cannot be overlooked. Data flows in and out of hospitals EMR andother systems in a variety of ways creating a variety of potential risks. Officials needacute awareness of their hospitals data flow — the use and transfer of the data as wellas when and where the data leaves the hospital. A risk assessment is a critical way toidentify the risks associated with the data flow.
  2. 2. • 2. Tailor the protection to the data. Often, once officials identify the datas flow and where it is stored, they assume it is protected and safe, says Mr. Finn. The problem is that different data needs different data protection. If the data is never exchanged, security like endpoint protection, which requires each computing device to comply with certain standards before network access is granted, may not be necessary. On the other hand, if data were exchanged, endpoint protection would be necessary. According to Mr. Finn, it is important to understand that the security needs to be customized. "It goes back to data security as not just an IT issue. The right data protection entirely depends on who needs the data and how it is used. For example, if the data is used for a research presentation it needs different restraints and protection than if it is clinical data used by caregivers in the active treatment of a patient. Data for a research presentation may not need the same level of encryption," says Mr. Finn.
  3. 3. • 3. Train employees. Do not forget to train staff. "At the end of the day, health information security is about people," says Mr. Finn. "The security is only going to be as strong as the individuals using the systems." Physicians and clinical staff are usually well intended when they share data because they are trying to accomplish their jobs. However, it may not always be on their minds to protect and secure the healthcare data. According to a study by Symantec and the Ponemon Institute, insider negligence caused 39 percent of the data breaches in 2011, whereas malicious attacks by a third party only caused 25 percent. Proper and repeated training will raise the likelihood that the hospital staff remember proper security measures. Even the CEO and the hospital grounds keepers should be trained. If employees are trained — they know what to do and what not to do — they become another level of protection.• 4. Upgrade data loss protection tools. Obviously data can be shared in a variety of ways — person to person, on social networking sites, by email, through hard copies or on a USB. Mr. Finn recommends that hospitals spend the necessary money to purchase and upgrade data protection tools because they help monitor all the touch-points of data transfer. "Some of the data tools allow hospitals to monitor and watch data flow in real-time. You can tighten enforcements and install settings to flash warnings for employees before the data is emailed or shared," says Mr. Finn.
  4. 4. • 5. Think outside the box. Mr. Finn believes it is integral healthcare professionals think outside the box for ideas to protect healthcare data. Often, the cause of a data breach is unexpected. Even organizations that complete a risk assessment, implement security protocols and use data breach tools can experience a data breach. "We have to tax our minds a little bit to think of solutions from the standpoint of how the data is used and how it is exchanged. The following questions need to be addressed continuously as new technology emerges: Where is the data? How does it move? Who is using the data and at what locations? What is the datas purpose? We need to be creative in assessing the data flows and offering the right kind of security at each transfer point," says Mr. Finn. The vast impending growth in the field of technology has become a great leveler in today’s times. Acroseas feels that the increase in the growth of technology needs to be matched with the level of comprehensiveness of the solution. Security plays a key role in defining the above and always poses a great challenge in the backdrop of technology. There’s always a human element that breaks away the strongest of security codes in spite of concrete and technically advanced solutions.

×