According to the 2014 Healthcare Breach Report from Bitglass, the total number of healthcare data breaches per year has remained fairly constant for the past three years—averaging about 200 breaches per year. About 6x as many credit card numbers as medical records are stolen each year. Healthcare data breaches are a big deal for healthcare consumers, and the cost of breaking the rules is steep: up to $50,000 per HIPAA violation, or up to $1,500,000 per calendar year per identical violation. In one notable case, an employee of Mass General Hospital accidentally left a file folder on the subway; the folder contained the PHI of 192 patients and ended up costing the provider $1 million in fines.
Fortunately, healthcare providers have some powerful tools, when it comes to protecting PHI. Today, emerging security technologies, like Cloud Access Security Brokers (CASBs), allow organizations to take a data-centric approach to cloud and mobile security.
When you put these solutions into place, you can take device loss or theft out of the equation, and offer true PHI security:
1. Establish comprehensive IT visibility and control over data transactions.
CASBs proxy traffic to and from corporate cloud applications and mobile devices, and they are essential for any healthcare organization concerned about regulatory compliance and audits. Their reverse proxy services are completely transparent to users and do the heavy lifting of inspecting and securing data, logging activities as they occur, and alerting IT immediately to unusual or unauthorized behavior, saving IT the headache and the man hours.
2. Control the flow of information
Securing personal smart phones and tablets is much harder than securing company-managed devices—so take the focus off the devices themselves, and focus on securing the actual data. Today, it’s possible to block sensitive information from being downloaded to certain devices, through a set of rules that recognize PHI both syntactically (the shape of the value) and contextually (the words around it). To maintain HIPAA compliance, your solution must dynamically detect and redact PHI as data flows to BYOD clients.
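As an added example (not Bitglass code, and not any product's actual detection engine), here is a small Python model of the rule set described above: each PHI type has a syntactic pattern plus context words that must appear earlier on the same line for a match to count as high confidence, and the delivery decision depends on the device class rather than on the document. The patterns, keywords, device classes and the sample record are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical PHI rules: a syntactic regex plus the context words that must
# appear earlier on the same line for a match to be treated as high confidence.
PHI_PATTERNS = {
    "SSN": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), ("ssn", "social security")),
    "MRN": (re.compile(r"\b\d{8}\b"), ("mrn", "medical record")),
    "DOB": (re.compile(r"\b\d{2}/\d{2}/\d{4}\b"), ("dob", "date of birth", "born")),
}
# Words that raise any pattern match to high confidence regardless of kind.
GENERAL_CONTEXT = ("patient", "diagnosis")
CONTEXT_WINDOW = 40  # characters of same-line context examined before a match

# Constructed sample of a record flowing from a cloud app toward a client.
# Line 3 contains values that look like an SSN and an MRN but have no PHI context.
SAMPLE_RECORD = (
    "Patient: Jane Doe, DOB 04/12/1975, MRN 00123456\n"
    "Diagnosis: type 2 diabetes; SSN on file 123-45-6789\n"
    "Shipping ref 987-65-4321 for order 55512345\n"
)


@dataclass
class Finding:
    kind: str
    value: str
    start: int
    end: int
    confidence: str  # "high" when syntax and context agree, otherwise "low"


def _context_before(text: str, start: int) -> str:
    """Lower-cased text preceding the match, limited to the same line."""
    line_start = text.rfind("\n", 0, start) + 1
    return text[max(line_start, start - CONTEXT_WINDOW):start].lower()


def find_phi(text: str) -> list[Finding]:
    """Two-stage detection: syntactic match first, then a contextual check."""
    findings = []
    for kind, (pattern, keywords) in PHI_PATTERNS.items():
        for m in pattern.finditer(text):
            ctx = _context_before(text, m.start())
            contextual = any(k in ctx for k in keywords + GENERAL_CONTEXT)
            findings.append(Finding(kind, m.group(), m.start(), m.end(),
                                    "high" if contextual else "low"))
    return sorted(findings, key=lambda f: f.start)


def redact(text: str, findings: list[Finding]) -> str:
    """Replace each finding with a typed placeholder, working from the end
    of the text so earlier offsets remain valid."""
    for f in sorted(findings, key=lambda f: f.start, reverse=True):
        text = text[:f.start] + f"[REDACTED-{f.kind}]" + text[f.end:]
    return text


def apply_policy(text: str, device_class: str) -> tuple[str, str]:
    """Decide what a client of the given (hypothetical) class receives:
    managed -> full content; byod -> high-confidence PHI redacted;
    any other class -> blocked. Returns (decision, body)."""
    high = [f for f in find_phi(text) if f.confidence == "high"]
    if device_class == "managed":
        return "allow", text
    if device_class == "byod":
        return ("redact", redact(text, high)) if high else ("allow", text)
    return "block", ""


if __name__ == "__main__":
    for device in ("managed", "byod", "unknown"):
        decision, body = apply_policy(SAMPLE_RECORD, device)
        print(f"--- {device}: {decision}\n{body}")
```

The low-confidence matches on the third line are left intact on BYOD clients but are still returned by `find_phi`, so a proxy built on this pattern can log them for review without blocking ordinary business data; a production detector would carry many more value types and richer context rules, but the shape of the check, syntax then context then a device-keyed decision, is the same.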
3. Track and protect sensitive data anywhere it goes.
With today’s technology, you can place a digital watermark on all sensitive information, allowing you to track the information, see who downloaded it, and see what they do with it. When staff members leave the organization, you can selectively wipe corporate data from their personal devices without disturbing any personal data or invading their privacy, something MDM solutions can’t do.
4. Deploy a Single Sign-On (SSO) solution throughout your organization.
SSO solutions deter hackers who may take advantage of common password habits, such as using the same password for different services, or keeping a sticky note underneath the keyboard. They automatically redirect staff to a company login page on the way to accessing any company application. One login—one password. So healthcare workers can focus on saving lives, rather than on logging into the system.
5. Make data security easy to deploy and use.
No IT organization has money to burn—healthcare organizations least of all. Cloud applications and mobile devices are ultimately designed to save time and money, so the process of securing them needs to make financial and administrative sense as well. Any security solution should deploy and scale easily, and with minimal administrative overhead.