1. Use multi-factor authentication (MFA). This is the single most important step healthcare IT professionals and their organizations can take to reduce the risk of hackers gaining access to sensitive health information. MFA replaces reliance on the eminently “hackable” single ID and password, providing stronger, more secure ways to prove that someone is really authorized for such access.
2. Encrypt data both in transit and at rest. Encrypting data at rest does not guarantee that it remains encrypted as it traverses a network. Both types of encryption are necessary to prevent hackers from accessing content that was encrypted “over the wire” but fails to remain encrypted once it has reached its destination. The two safeguards must be applied in tandem; they are not automatic.
3. Training, training and more training. Security experts agree: strong security is more about people than it is about technology. Communicating data security policies and practices to users, and training them on those policies, needs to be constant and vigilant so that users can spot and avoid the ever-new techniques hackers employ to trick them into unwitting participation in a hacker scheme. Employees who don’t know how hackers and their schemes work are the ones most likely to be taken in by a hack.
“Electronic health information exchange provides healthcare providers with numerous benefits, primarily due to the increased efficiencies it affords. To avoid the risks—and potential hardship to users—healthcare providers need to become as familiar with standard security improvements and privacy protections as their counterparts in other industries have. Instituting these three actions alone goes a long way toward improving the security and privacy protection of electronic healthcare data,” Dr. Kibbe concluded.