
How to prepare for the future of healthcare data security

by Michael Campana
 
Data breaches are costly — especially for healthcare providers.

A recent industry study¹ forecasts that data breaches cost healthcare providers about $5.6 billion annually, which means there is a lot of work to do as an industry to protect sensitive information. As healthcare moves toward more connected care, the amount of data exchanged between organizations will only grow, and this means the potential for exponential security risks.

Just as with population health and regulatory reform, security is complex and layered: the more you prepare, the more secure your organization can be — and it can’t happen overnight. Therefore, if you’re not already taking steps now to enable data to be captured, accessed and shared among patients, providers and payers, you may be a few steps behind.

According to some industry experts, the hard truth is that breaches are inevitable. Here are three practical tips to help you strengthen your healthcare data security processes and become more proactive than reactive:


Encrypt your data

Reports² say that much of the data stolen in the Anthem Blue Cross and Blue Shield data breach was unencrypted, proving that just because an organization may figuratively lock its electronic doors, that doesn’t mean its data is protected from a successful break-in. Encryption is vital and should be a matter of process moving forward — rather than an option. Ask yourself whether your data management system’s encryption and decryption capabilities are as strong as they can be — especially with respect to leveraging the cloud for patient healthcare information (PHI) transmission and storage.

Look at your whole data management strategy to identify gaps

Evaluating your data management strategy can help you secure PHI. Failing to do so could result in stiff financial penalties under HIPAA regulations. A few actions to secure access points include:


  • Be sure all workstations, including printers and multifunction devices used by clinical personnel, are locked down against unauthorized access.
  • Require all contractors with access to data systems to have completed Data Access Agreements. Under HIPAA rules, vendors can be held liable for compliance failures.
  • Conduct and document a comprehensive risk analysis every year, as required under HIPAA regulation. It is vital to assess your data management systems and processes related to PHI, and include actual hacking attempts and potential or real-life scenarios.
  • Keep everyone working in your organization with access to PHI, from the executives to the janitorial staff, fully trained on all HIPAA regulations and requirements. By training your staff on current regulations, you not only help to protect information that is being shared within your organization, but you also safeguard data beyond the walls of your hospital.
 
 


 

Practice security in patient engagement

Patient engagement refers to the ongoing and constructive dialogue between patient and provider, and it’s largely driven by technology ranging from patient portals to electronic data capturing platforms that result in more accurate and streamlined diagnostic information.
 
While patient engagement wasn’t prevalent five years ago, providers will no longer control the data in the future. The rise of consumerism and high patient payment responsibility is driving patients to be more willing — even demanding — participants in the management of their own information. As a result, leveraging technology that helps evolve the role of the patient, including putting more emphasis on secure access, will be critical to secure engagement. Examples include enforcing an authenticated sign-on process and tiered level security questions.

As the data breach at Anthem Blue Cross and Blue Shield illustrates, closing the barn door after the horses have escaped is futile. Considering the value of patients’ healthcare and insurance data, taking proactive steps to prevent data breaches can help your organization when it comes to preparing your data against breaches — now and in the future.

 
 
Michael Campana
Michael Campana joined Ricoh in 2012 as Senior Manager of Healthcare Marketing. He brings 27 years of experience to the role to lead the market positioning and strategy for Ricoh’s healthcare industry vertical in the Americas. Campana began his career in the healthcare industry upon graduating from the University of South Florida. He has worked for a number of healthcare organizations, including most recently Siemens Medical Solutions Health Services.
 
 
 
1 "Expect more, bigger healthcare breaches." HealthcareITNews.com. December 29, 2014. http://www.healthcareitnews.com/news/expect-more-bigger-healthcare-HIPAA-breaches
2 "Health Insurer Anthem Didn’t Encrypt Data in Theft." WSJ.com. Feb. 5, 2015. http://www.wsj.com/articles/investigators-eye-china-in-anthem-hack-1423167560