• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

by Jasmine Pennic 04/30/2014 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

iHT2’s research report provides health data privacy best practices for healthcare organizations to protect themselves from security breaches and identify theft.

With stolen EHR charts selling for as much as $50 per chart on the black market, healthcare organizations are increasingly vulnerable to cyber-attacks as the use of web portals for health information exchanges becomes more commonplace. Just last week, two stolen laptops lead to nearly $2 million in HIPAA fines by the HSS. To prevent future security breaches, healthcare providers and insurance organizations must use advanced security techniques.

Released today, iHT2’s latest research report, “Healthcare Security: 10 Steps to Maintaining Data Privacy in a Changing Mobile World” explains how healthcare organizations can best protect themselves from the rapidly growing threat of security breaches and medical identity theft. CIOs and security consultants describe best practices for preventing these incidents. They also suggest how to deal with the proliferation of electronic data on the web and on mobile devices, which has created many new avenues for cyber-attacks and the theft of personal health information.

The report was put together by:

  • Chris Brooks, SVP of Technology, WebMD Health Services
  • Sam Curry, CTO, RSA
  • James Dzierzanowski, Information Security Officer, Dignity Health
  • Howard E. Haile, CISSP, CISA, Chief Information Security Officer, SCL Health System

Sixty-one percent of global healthcare organizations have experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months, according to the EMC Global IT Trust Curve Survey. Each year, these incidents cost U.S. hospitals an estimated $1.6 billion dollars. The paper offers ten best practice strategies for security in healthcare:

  1. Get security expertise. Hire a chief information security officer who is dedicated to safeguarding your organization’s data. Asking your CIO to add this burden to his or her extensive portfolio invites trouble, because basic security procedures may be overlooked as a result.
  2. Strike the right balance between security and accessibility. While data security is very important, security procedures cannot be allowed to get in the way of clinicians accessing the data they need to do their work.
  3. Role-based security. Restrict the access of individuals, based on their organizational role, to prevent breaches from spreading to the most sensitive and important data.
  4. Implement data controls. Identify the most critical and sensitive information and put data protection controls around that. Depending on the type of information, various security methods can be used, including encryption or tokenization.
  5. Use caution with single sign on. Single sign on poses security threats, but clinicians demand it. To minimize the risk, program workstations to time out and log off automatically. A role-based security approach can be used to restrict access to only those applications a user needs.
  6. Address the use of mobile devices. Organizations that allow BYOD must have policies to prevent mobile devices from endangering network security. They should also prohibit storage of PHI on these devices. Texting requires a security solution, as well.
  7. Get business associates agreements. All outside partners and service providers, including cloud storage providers, should sign BAAs acknowledging their responsibility to protect PHI. You should also require business associates to upgrade their security procedures.
  8. Secure patient portals. Verify the identities of portal enrollees and adopt stringent authentication processes, but don’t make it too hard for patients to log on to portals. Use behavioral and contextual approaches to detect patterns of intruders.
  9. Reduce HIE exposure. . Be aware of the security practices of public health information exchanges. If you participate in one, you can reduce your security risk by not importing HIE data into your system.
  10. Choose your cloud provider and cloud type carefully. A cloud service provider should sign a BAA and be HIPAA compliant. Healthcare providers might find the public cloud enticing because of cost efficiencies, but a hybrid cloud might be preferable because it allows them to control their data.

To download the report, visit http://ihealthtran.hs-sites.com/iht2-healthcare-security-report

 

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: iHT2

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

Aligning IT & Clinical Teams: How to Reduce Friction and Improve Communication

Most-Read

Why Brain Health Is Entering Its Infrastructure Era

Brain Health’s Infrastructure Era: Proving Clinical Outcomes with Integrated Neuromotor Tracking

Why Catholic Health Inked a $500M Care Alliance with GE HealthCare to Automate Outpatient Triage

Catholic Health Inks $500M Care Alliance with GE HealthCare to Automate Outpatient Triage

KLAS Global HIT Trends 2026 Report: Artificial Intelligence Becomes the Top Investment Priority

KLAS Global HIT Trends 2026 Report: Artificial Intelligence Becomes the Top Investment Priority

Optum Partners with Anthropic to Deploy Claude Across Healthcare Claims and Revenue Workflows

Optum Partners with Anthropic to Deploy Claude Across Healthcare Claims and Revenue Workflows

Rock Health H1 2026 Digital Health Funding Recap: Startups Hit $7.4B in Venture Rebound

Rock Health H1 2026 Digital Health Funding Recap: Startups Hit $7.4B in Venture Rebound

M&A: ResMed to Sell MatrixCare Business to Frazier Healthcare Partners for $450M

M&A: ResMed to Sell MatrixCare Business to Frazier Healthcare Partners for $450M

The Real Risk in Healthcare AI Isn’t the Model. It’s the Data. 

Clinical Data Fidelity: The Real Blindspot in Healthcare AI Strategy

KLAS 2026 EHR Market Share Report: Epic Gains as Oracle Health Faces Third Year of Losses

KLAS 2026 EHR Market Share Report: Epic Gains as Oracle Health Faces Third Year of Losses

Qualtrics Acquires Press Ganey Forsta for $6.75B to Create the Most Comprehensive AI Experience Platform

M&A: Qualtrics Completes $6.75B Acquisition of Press Ganey Forsta

Viz.ai Launches Viz Pulmonary™ Suite: AI-Powered Workflows for COPD, Lung Nodules, and PE

Viz.ai Launches Viz Pulmonary™ Suite: AI-Powered Workflows for COPD, Lung Nodules, and PE

Secondary Sidebar

Footer

Company

  • About Us
  • 2026 Editorial Calendar
  • Advertise with Us
  • Reprints and Permissions
  • Op-Ed Submission Guidelines
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2026. HIT Consultant Media. All Rights Reserved. Privacy Policy |