5 Ways Healthcare Organizations Can Reduce Security Breaches

by Fred Pennic, 12/12/2011

5 ways healthcare organizations can reduce security breaches and combat the growing epidemic of breaches in healthcare.

According to a recent study by Ponemon Institute, there is an epidemic of security breaches in healthcare organizations, increasing over 32 percent in the past year and costing an estimated 6.5 billion annually. 96 percent of all the healthcare providers who participated in this study say they have had at least one data breach in the past, mainly caused by employee sloppiness, which includes stolen computer devices, unintentional employee action, and third-party errors.

So, what should healthcare organizations do to reduce security breaches? The following are 5 ways to effectively reduce security breaches:

  1. Establish Security/Privacy Policies and Training. According to the study, “healthcare personnel who handle sensitive and confidential patient information should be trained and aware of the policies and procedures governing the protection of this information.” Learning management system software can help train your staff on security and privacy policies, which helps reduce potential security breaches. Billing records and medical files are the most frequently lost or stolen patient data. Employees must understand the importance of protecting patient data, and healthcare organizations must effectively train staff on and enforce PHI policies and procedures. Healthcare organizations must also make privileged user and access governance a priority to combat unauthorized access to patient data and its loss or theft.
  2. Perform PHI Risk Assessment. Healthcare organizations should perform a PHI risk assessment to inventory any healthcare information that is personally identifiable. Healthcare organizations must understand where their sensitive data resides, including all stages of information workflow (stored, in use, transmitted). Then, the information should be prioritized by sensitivity to determine its level of protection. The study states that 49 percent of respondents do nothing to protect mobile devices. Performing the risk assessment allows healthcare organizations to implement effective privileged user and access governance controls. Most importantly, it is required by the meaningful use final rule, HIPAA, ISO27001, etc.
  3. Implement Security & Privacy Measures. Healthcare organizations should implement security and privacy measures such as AES-NI (Advanced Encryption Standard New Instructions) to protect the confidentiality of sensitive data. Having a set of robust security monitoring tools for networks and databases, in addition to encryption, is critical to the prevention of future security breaches. Encryption must be properly implemented in a multilayered approach with administrative and physical controls. This goes back to Step 1: ensuring effective administrative training on encryption policies and procedures. Healthcare organizations must also invest in anti-theft technology.
  4. Establish a Risk Mitigation/Incident Response Plan. The risk mitigation plan clearly defines the guidelines, assigned teams, and responsibilities for managing and mitigating loss or theft of PHI. According to the study, the average time to notify of a data breach is 7 weeks, with 83 percent of respondents believing it is critical to notify victims as soon as possible. An effective risk mitigation strategy, with the help of anti-theft technology, makes it possible to protect against, respond to, and recover from potential loss and theft of data in a shorter time frame.
  5. Make Security & Privacy a Priority in Budget Planning. According to the study, “insufficient budget and risk assessments are organizations’ greatest weaknesses.” 54 percent stated inadequate budget for security and privacy as their kryptonite to preventing a data breach. This final step is the hardest, and there is no easy answer for CIOs seeking budget approval for additional security and privacy measures when organizations are already faced with the competing priorities of ICD-10, meaningful use, etc. However, security breaches are damaging and costly, with notification required by regulations. One potential security breach could make the case for approved budgets for security and privacy.

While there is no magic solution to eliminating 100% of all security breaches, healthcare organizations that use healthcare security and privacy best practices can greatly reduce the occurrence of security breaches within their healthcare organizations. Companies such as Intel Health have tools that could help healthcare organizations combat security breaches. What other steps should healthcare organizations perform to prevent security breaches?

A full copy of the report is available here for download.

Copyright © 2023. HIT Consultant Media. All Rights Reserved.