• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • COVID-19
  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • Artificial Intelligence
    • Blockchain
    • Mobile Health
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

by Jasmine Pennic 04/30/2014 Leave a Comment

10 Steps to Maintaining Health Data Privacy in a Changing Mobile World

iHT2’s research report provides health data privacy best practices for healthcare organizations to protect themselves from security breaches and identify theft.

With stolen EHR charts selling for as much as $50 per chart on the black market, healthcare organizations are increasingly vulnerable to cyber-attacks as the use of web portals for health information exchanges becomes more commonplace. Just last week, two stolen laptops lead to nearly $2 million in HIPAA fines by the HSS. To prevent future security breaches, healthcare providers and insurance organizations must use advanced security techniques.

Released today, iHT2’s latest research report, “Healthcare Security: 10 Steps to Maintaining Data Privacy in a Changing Mobile World” explains how healthcare organizations can best protect themselves from the rapidly growing threat of security breaches and medical identity theft. CIOs and security consultants describe best practices for preventing these incidents. They also suggest how to deal with the proliferation of electronic data on the web and on mobile devices, which has created many new avenues for cyber-attacks and the theft of personal health information.

The report was put together by:

  • Chris Brooks, SVP of Technology, WebMD Health Services
  • Sam Curry, CTO, RSA
  • James Dzierzanowski, Information Security Officer, Dignity Health
  • Howard E. Haile, CISSP, CISA, Chief Information Security Officer, SCL Health System

Sixty-one percent of global healthcare organizations have experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months, according to the EMC Global IT Trust Curve Survey. Each year, these incidents cost U.S. hospitals an estimated $1.6 billion dollars. The paper offers ten best practice strategies for security in healthcare:

  1. Get security expertise. Hire a chief information security officer who is dedicated to safeguarding your organization’s data. Asking your CIO to add this burden to his or her extensive portfolio invites trouble, because basic security procedures may be overlooked as a result.
  2. Strike the right balance between security and accessibility. While data security is very important, security procedures cannot be allowed to get in the way of clinicians accessing the data they need to do their work.
  3. Role-based security. Restrict the access of individuals, based on their organizational role, to prevent breaches from spreading to the most sensitive and important data.
  4. Implement data controls. Identify the most critical and sensitive information and put data protection controls around that. Depending on the type of information, various security methods can be used, including encryption or tokenization.
  5. Use caution with single sign on. Single sign on poses security threats, but clinicians demand it. To minimize the risk, program workstations to time out and log off automatically. A role-based security approach can be used to restrict access to only those applications a user needs.
  6. Address the use of mobile devices. Organizations that allow BYOD must have policies to prevent mobile devices from endangering network security. They should also prohibit storage of PHI on these devices. Texting requires a security solution, as well.
  7. Get business associates agreements. All outside partners and service providers, including cloud storage providers, should sign BAAs acknowledging their responsibility to protect PHI. You should also require business associates to upgrade their security procedures.
  8. Secure patient portals. Verify the identities of portal enrollees and adopt stringent authentication processes, but don’t make it too hard for patients to log on to portals. Use behavioral and contextual approaches to detect patterns of intruders.
  9. Reduce HIE exposure. . Be aware of the security practices of public health information exchanges. If you participate in one, you can reduce your security risk by not importing HIE data into your system.
  10. Choose your cloud provider and cloud type carefully. A cloud service provider should sign a BAA and be HIPAA compliant. Healthcare providers might find the public cloud enticing because of cost efficiencies, but a hybrid cloud might be preferable because it allows them to control their data.

To download the report, visit http://ihealthtran.hs-sites.com/iht2-healthcare-security-report

 

Tagged With: iHT2

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Most Popular

Survey: Clinician Burnout Is A Public Health Crisis Demanding Urgent Action

17 Execs Share How Health IT Can Address Clinician Burnout, Staffing, & Capacity

Q/A: Dr. Johnson Talks Racial Disparities in Breast Cancer Care

Q/A: Dr. Johnson Talks Racial Disparities in Breast Cancer Care

Northwell Health Extends Contract with Allscripts Sunrise Platform Through 2027

Northwell to Deploy Epic Enterprise EHR Platform Across System

Sanofi Cuts Price of Lantus Insulin by 78% & Caps Out of Pocket Costs at $35 for All Patients

Sanofi Cuts Price of Lantus Insulin by 78% & Caps Out of Pocket Costs at $35 for All Patients

Pfizer Acquires Seagen for $43B to Tackle Cancer

Pfizer Acquires Seagen for $43B to Tackle Cancer

5 Key Trends Driving Purchasing Decisions in Healthcare IT

5 Key Trends Driving Purchasing Decisions in Healthcare IT

Sanofi to Acquire Diabetes Therapy Maker Provention Bio for $2.9B

Sanofi to Acquire Diabetes Therapy Maker Provention Bio for $2.9B

Dr. Arti Masturzo

Q/A: Dr. Masturzo Talks Addressing Food Insecurity with Patients

Transcarent Acquires 98point6 AI-Powered Virtual Care Platform and Care Business

Transcarent Acquires 98point6 AI-Powered Virtual Care Platform and Care Business

Eli Lilly Cuts Insulin Prices by 70%, Caps Patient Costs at $35 Per Month

Eli Lilly Cuts Insulin Prices by 70%, Caps Patient Costs at $35 Per Month

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • 2023 Editorial Calendar
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2023. HIT Consultant Media. All Rights Reserved. Privacy Policy |