• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

by Jasmine Pennic 04/30/2014 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

iHT2’s research report provides health data privacy best practices for healthcare organizations to protect themselves from security breaches and identify theft.

With stolen EHR charts selling for as much as $50 per chart on the black market, healthcare organizations are increasingly vulnerable to cyber-attacks as the use of web portals for health information exchanges becomes more commonplace. Just last week, two stolen laptops lead to nearly $2 million in HIPAA fines by the HSS. To prevent future security breaches, healthcare providers and insurance organizations must use advanced security techniques.

Released today, iHT2’s latest research report, “Healthcare Security: 10 Steps to Maintaining Data Privacy in a Changing Mobile World” explains how healthcare organizations can best protect themselves from the rapidly growing threat of security breaches and medical identity theft. CIOs and security consultants describe best practices for preventing these incidents. They also suggest how to deal with the proliferation of electronic data on the web and on mobile devices, which has created many new avenues for cyber-attacks and the theft of personal health information.

The report was put together by:

  • Chris Brooks, SVP of Technology, WebMD Health Services
  • Sam Curry, CTO, RSA
  • James Dzierzanowski, Information Security Officer, Dignity Health
  • Howard E. Haile, CISSP, CISA, Chief Information Security Officer, SCL Health System

Sixty-one percent of global healthcare organizations have experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months, according to the EMC Global IT Trust Curve Survey. Each year, these incidents cost U.S. hospitals an estimated $1.6 billion dollars. The paper offers ten best practice strategies for security in healthcare:

  1. Get security expertise. Hire a chief information security officer who is dedicated to safeguarding your organization’s data. Asking your CIO to add this burden to his or her extensive portfolio invites trouble, because basic security procedures may be overlooked as a result.
  2. Strike the right balance between security and accessibility. While data security is very important, security procedures cannot be allowed to get in the way of clinicians accessing the data they need to do their work.
  3. Role-based security. Restrict the access of individuals, based on their organizational role, to prevent breaches from spreading to the most sensitive and important data.
  4. Implement data controls. Identify the most critical and sensitive information and put data protection controls around that. Depending on the type of information, various security methods can be used, including encryption or tokenization.
  5. Use caution with single sign on. Single sign on poses security threats, but clinicians demand it. To minimize the risk, program workstations to time out and log off automatically. A role-based security approach can be used to restrict access to only those applications a user needs.
  6. Address the use of mobile devices. Organizations that allow BYOD must have policies to prevent mobile devices from endangering network security. They should also prohibit storage of PHI on these devices. Texting requires a security solution, as well.
  7. Get business associates agreements. All outside partners and service providers, including cloud storage providers, should sign BAAs acknowledging their responsibility to protect PHI. You should also require business associates to upgrade their security procedures.
  8. Secure patient portals. Verify the identities of portal enrollees and adopt stringent authentication processes, but don’t make it too hard for patients to log on to portals. Use behavioral and contextual approaches to detect patterns of intruders.
  9. Reduce HIE exposure. . Be aware of the security practices of public health information exchanges. If you participate in one, you can reduce your security risk by not importing HIE data into your system.
  10. Choose your cloud provider and cloud type carefully. A cloud service provider should sign a BAA and be HIPAA compliant. Healthcare providers might find the public cloud enticing because of cost efficiencies, but a hybrid cloud might be preferable because it allows them to control their data.

To download the report, visit http://ihealthtran.hs-sites.com/iht2-healthcare-security-report

 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: iHT2

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

Digital Health Funding Q3 2025: Choppy Undercurrents Beneath a Steady Surface

Featured Interview

ConcertAI VP Shares View on AI Hallucinations and the Fabricated Data Crisis in Scientific Publishing

Most-Read

Qualtrics Acquires Press Ganey Forsta for $6.75B to Create the Most Comprehensive AI Experience Platform

Qualtrics Acquires Press Ganey Forsta for $6.75B to Create the Most Comprehensive AI Experience Platform

Pfizer and Trump Administration Announce Landmark Agreement to Lower Drug Costs

Pfizer and Trump Administration Announce Landmark Agreement to Lower Drug Costs

KLAS Report: Epic's Native Ambient Speech Tool Reshapes Customer AI Strategies

KLAS Report: Epic’s Native Ambient Speech Tool Reshapes Customer AI Strategies

Epic Unveils MyChart Central and New APIs to Advance Interoperability at Open@Epic

Epic Outlines Roadmap for Next-Generation Data Sharing at Open@Epic

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

Epic Launches Comet: A New AI Platform to Predict Patient Health Journeys

RevSpring to Acquire Kyruus Health, Creating a Unified Patient Experience

RevSpring to Acquire Kyruus Health, Creating a Unified Patient Experience

Oracle Confirms Layoffs in Kansas City

Oracle Confirms Layoffs in Kansas City

Philips Future Health Index 2025: AI and Digital Tech Can Help Solve Cardiac Care Crisis

Philips Future Health Index 2025: AI and Digital Tech Can Help Solve Cardiac Care Crisis

Optain Health Secures $26M to Advance AI-Powered Retinal Screening

Optain Health Secures $26M for AI-Powered Retinal Screening

Sutter Health and Epic Launch "Sutter Sync" to Optimize Remote Chronic Care

Sutter Health and Epic Launch “Sutter Sync” to Optimize Remote Chronic Care

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |