Healthcare News & Insights

10 ways to protect health data

As more patient information is held electronically, it gives doctors better access to data and enables faster, better decision making. Unfortunately, it also gives cybercriminals new ways to illegally access sensitive medical data.

Health information can come under attack in various ways – from hackers trying to gain access to a provider’s networks to internal staff members snooping in confidential files or accidentally letting information fall into the hands of outsiders.

Exposing sensitive patient information comes with serious repercussions for healthcare providers – including a loss of patient trust and financial penalties for compliance violations.

Here are 10 steps every provider can take to help prevent breaches of health data:

1. Conduct periodic risk assessments

The first step to preventing data breaches is to know what risks the organization faces. That means providers must know what information they hold, where it’s held, and who has access to it.

Also, either through an internal IT department or with the help of an outside vendor, providers should run periodic vulnerability scans and penetration tests to uncover security holes before attackers do – and then fix what those tests find.
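Knowing what data you hold and where it sits is something a script can help with. The following added example, written for this article rather than taken from it, walks a directory tree, flags files that contain identifier patterns typical of patient data, and notes whether each file is readable by every local user. The patterns (an SSN layout, an "MRN" prefix, a date of birth) and the sample files it builds in a temporary directory are constructed for the demo; a real inventory would use the organization's own identifier formats.

```python
from __future__ import annotations

import os
import re
import tempfile
from pathlib import Path

# Identifier patterns that commonly mark protected health information.
# These are illustrative assumptions for this example; a real inventory would
# use the organization's own formats (its MRN layout, payer IDs, and so on).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]*\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
}


def scan_tree(root: str, max_bytes: int = 1_000_000) -> list[dict]:
    """Walk a directory and report files that look like they hold PHI.

    Each finding records where the data is, which identifiers were seen, and
    whether the file is readable by every local user (the "who has access"
    part of a risk assessment). Only the first max_bytes of each file are
    inspected, and unreadable files are skipped rather than aborting the scan.
    """
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            text = path.read_bytes()[:max_bytes].decode("utf-8", errors="ignore")
        except OSError:
            continue
        hits = {name: len(rx.findall(text)) for name, rx in PHI_PATTERNS.items()}
        hits = {name: count for name, count in hits.items() if count}
        if not hits:
            continue
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "hits": hits,
            "world_readable": bool(path.stat().st_mode & 0o004),
        })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree() -> str:
    """Create a temporary directory of constructed sample files for the demo."""
    root = tempfile.mkdtemp(prefix="phi-scan-")
    samples = {
        # constructed record with two identifiers, left readable by everyone
        "billing/claims.txt": ("Patient John Doe, MRN: 00123456, SSN 123-45-6789\n", 0o644),
        # constructed export with a date of birth, locked down to the owner
        "exports/backup.csv": ("name,dob\nJane Roe,DOB: 04/12/1970\n", 0o600),
        # no identifiers, so it must not appear in the findings
        "notes/readme.txt": ("Onboarding checklist for new hires.\n", 0o644),
    }
    for rel, (content, mode) in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(content)
        os.chmod(target, mode)
    return root


if __name__ == "__main__":
    for finding in scan_tree(build_sample_tree()):
        flag = "WORLD-READABLE" if finding["world_readable"] else "restricted"
        print(f"{finding['path']}: {finding['hits']} [{flag}]")
```

Run against a real file share, the world-readable flag is usually the first thing worth acting on: a file full of identifiers that any user on the box can open is both a data-inventory finding and an access-control finding.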

2. Train employees

Many breaches of confidential health data can be traced back to the organization’s employees – either because an internal staff member intentionally viewed or stole information without authorization, or because an employee’s negligence exposed information to a data thief.

Therefore, a staff that knows how to properly deal with sensitive patient information is the first line of defense against data breaches. Training programs should include everyone who deals with patient data – that means not only administrative employees, but also doctors, nurses, and other clinicians.

3. Have policies – and enforce them

Along with training, organizations must give employees clear-cut rules about avoiding risky or potentially fraudulent behavior. For example, that could include restrictions on viewing records of patients they are not treating, or on taking information off the organization’s premises without authorization.

Those policies should also have serious repercussions for employees who violate them.

4. Perform background checks

Another way healthcare providers can prevent breaches carried out by insiders is to avoid hiring employees who may pose a security risk.

Conducting a thorough background check before hiring anyone whose job will involve access to sensitive medical information can go a long way to prevent fraud and abuse.

5. Verify vendors

In addition to internal staff members, medical practices must also deal with various outside parties that may have access to patient data, including IT contractors and software vendors.

Practices should always check vendor references to make sure those parties do a good job keeping data safe. Also, make sure they conduct background checks for their employees who handle sensitive data.

6. Encrypt data

Many breaches occur due to lost or stolen electronic equipment containing medical information. That’s why it’s important to make sure data is encrypted whenever it’s put onto laptops, USB drives, and other portable devices – and that the key or passphrase isn’t stored alongside the device, since encryption protects nothing if the thief gets both.

Encrypting data can also limit legal repercussions if a device is ever lost or stolen: under many breach-notification rules, properly encrypted data that can’t be read by whoever finds it is not treated as a reportable breach.
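As an added illustration of sealing a record before it is copied to a removable device (this is example code written for this article, not something from the original page), the block below derives a key from a passphrase with scrypt and encrypts with AES-GCM, so a stolen device yields neither the plaintext nor a silently alterable copy. It assumes the `cryptography` package is installed; the container layout (a `PHIEXP1` header followed by salt, nonce and ciphertext) and the sample record are assumptions made for the demo.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Assumed container layout for this example:
#   header | 16-byte salt | 12-byte nonce | AES-GCM ciphertext + tag
MAGIC = b"PHIEXP1"
SALT_LEN, NONCE_LEN = 16, 12


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt is deliberately slow and memory-hungry, so a thief who has the
    # device but not the passphrase cannot cheaply guess it offline.
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


def encrypt_for_export(plaintext: bytes, passphrase: str, label: bytes) -> bytes:
    """Seal a record before it is copied to a USB stick or laptop.

    AES-GCM gives confidentiality and integrity in one step; the label is bound
    as associated data so a blob cannot be swapped into a different export.
    """
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    ciphertext = AESGCM(_derive_key(passphrase, salt)).encrypt(nonce, plaintext, MAGIC + label)
    return MAGIC + salt + nonce + ciphertext


def decrypt_export(blob: bytes, passphrase: str, label: bytes) -> bytes:
    """Open a sealed export; raises InvalidTag on a wrong passphrase, wrong label, or tampering."""
    if not blob.startswith(MAGIC):
        raise ValueError("not a sealed export")
    body = blob[len(MAGIC):]
    salt = body[:SALT_LEN]
    nonce = body[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = body[SALT_LEN + NONCE_LEN:]
    return AESGCM(_derive_key(passphrase, salt)).decrypt(nonce, ciphertext, MAGIC + label)


def opens_cleanly(blob: bytes, passphrase: str, label: bytes) -> bool:
    """True only if the blob decrypts and its authentication tag verifies."""
    try:
        decrypt_export(blob, passphrase, label)
        return True
    except (InvalidTag, ValueError):
        return False


def write_sealed(dest_dir: str, name: str, plaintext: bytes, passphrase: str) -> str:
    """Write only the sealed form into the removable device's directory; plaintext never lands there."""
    path = os.path.join(dest_dir, name + ".sealed")
    with open(path, "wb") as fh:
        fh.write(encrypt_for_export(plaintext, passphrase, name.encode("utf-8")))
    return path


if __name__ == "__main__":
    record = b"MRN 00123456, Jane Roe, DOB 04/12/1970, dx: hypertension"  # constructed sample
    passphrase = "long unique export passphrase"
    blob = encrypt_for_export(record, passphrase, b"clinic-export")
    print("identifier visible in blob:", b"00123456" in blob)
    print("opens with correct passphrase:", opens_cleanly(blob, passphrase, b"clinic-export"))
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01  # flip one bit of the ciphertext/tag
    print("opens after tampering:", opens_cleanly(bytes(tampered), passphrase, b"clinic-export"))
```

The tamper check matters as much as the secrecy: a CBC-style encryption without an authentication tag would happily decrypt a modified file into garbage, or into attacker-chosen changes, without anyone noticing.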

7. Include security when evaluating software systems

The ability to keep data safe should be a key factor in any software purchasing decision. IT can help evaluate a system’s security features, such as encryption, role-based access controls that allow only authorized individuals to view certain data, and audit logs that record who looked at which record and when – without the logs, the access controls can’t be checked.
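The access-control and audit features worth looking for in a records system, and the insider snooping described under step 2, can be shown together in code. The following is an added example written for this article, not the page's own code or any product's API: a minimal record viewer that allows a clinician to open a record only when they are on the patient's care team (or explicitly break the glass for an emergency), logs every attempt, and a review function that flags users who repeatedly reach for records of patients they aren't treating. The roles, user names, patient IDs, and the one-day/three-patient threshold are assumptions made for the demo.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

CLINICAL_ROLES = {"physician", "nurse"}   # assumed role names for this example
CARE_TEAM = "care team"                    # audit reason for a legitimate treatment relationship


@dataclass
class AuditEvent:
    when: datetime
    user: str
    role: str
    patient_id: str
    allowed: bool
    reason: str


class RecordStore:
    """Record viewer that enforces a care-team relationship and logs every attempt.

    care_team maps patient_id -> set of user ids currently treating that patient.
    """

    def __init__(self, care_team: dict[str, set[str]]):
        self.care_team = care_team
        self.audit: list[AuditEvent] = []

    def view(self, user: str, role: str, patient_id: str, when: datetime,
             break_glass_reason: str | None = None) -> bool:
        if role not in CLINICAL_ROLES:
            allowed, reason = False, "role may not view clinical records"
        elif user in self.care_team.get(patient_id, set()):
            allowed, reason = True, CARE_TEAM
        elif break_glass_reason:
            # Emergency override: allowed, but recorded so it can be reviewed later.
            allowed, reason = True, "break-glass: " + break_glass_reason
        else:
            allowed, reason = False, "not on care team"
        # Denials are logged too; a string of denials is the snooping signal.
        self.audit.append(AuditEvent(when, user, role, patient_id, allowed, reason))
        return allowed


def flag_snooping(audit: list[AuditEvent], window: timedelta = timedelta(days=1),
                  threshold: int = 3) -> list[tuple[str, int]]:
    """Report users who touched `threshold` or more distinct patients outside
    their care team (denials or break-glass overrides) within `window`."""
    flagged = []
    for user in sorted({e.user for e in audit}):
        events = sorted((e for e in audit if e.user == user and e.reason != CARE_TEAM),
                        key=lambda e: e.when)
        for i, start in enumerate(events):
            patients = {e.patient_id for e in events[i:] if e.when - start.when <= window}
            if len(patients) >= threshold:
                flagged.append((user, len(patients)))
                break
    return flagged


def demo() -> tuple[list[AuditEvent], list[tuple[str, int]]]:
    """Constructed sequence of accesses: one legitimate, one wrong role, one nurse
    browsing patients she isn't assigned to, and one documented emergency override."""
    store = RecordStore({"P1": {"dr_lee", "rn_ortiz"}, "P2": {"dr_lee"},
                         "P3": {"dr_patel"}, "P4": {"dr_patel"}})
    t0 = datetime(2012, 6, 1, 9, 0)
    store.view("dr_lee", "physician", "P1", t0)                                   # allowed: care team
    store.view("clerk_ng", "billing", "P1", t0 + timedelta(minutes=5))            # denied: role
    store.view("rn_ortiz", "nurse", "P3", t0 + timedelta(hours=1))                # denied: not assigned
    store.view("rn_ortiz", "nurse", "P4", t0 + timedelta(hours=2))                # denied: not assigned
    store.view("rn_ortiz", "nurse", "P2", t0 + timedelta(hours=3))                # denied: third patient
    store.view("dr_patel", "physician", "P1", t0 + timedelta(hours=4),
               break_glass_reason="ED consult")                                   # allowed, but logged
    return store.audit, flag_snooping(store.audit)


if __name__ == "__main__":
    audit, flagged = demo()
    for e in audit:
        print(e.when.time(), e.user, e.patient_id, "ALLOW" if e.allowed else "DENY", e.reason)
    print("review queue:", flagged)
```

Two design points carry over to evaluating a real product: denied attempts must be logged, not just successful views, and break-glass access should be permitted but conspicuous, so the review step can ask the clinician why.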

8. Have a breach response plan ready

Many organizations approach data security with the mindset of, “It’ll never happen here.” But with a majority of providers reporting some kind of breach in the past year, it’s important to know what to do when it does happen.

The breach response plan should be a living document that is periodically reviewed and updated. Also, it’s not enough simply to have the plan written down – everyone with a role in it must be trained to know what part they need to play, ideally by walking through the plan in a practice exercise before a real incident.

9. Shred documents

Though digital data security is becoming more and more important, medical practices must also make sure they don’t neglect the security of physical documents.

That means implementing policies requiring that documents be shredded when they’re thrown away, that file cabinets be locked, and that printouts not be left where patients or visitors can see them.

10. Plan for mobile security

As smartphones, tablet computers, and other mobile devices become more common in the medical field, healthcare providers must take steps to make sure that the data stored on those devices stays safe.

To do that, organizations should:

  1. encrypt mobile devices and require a passcode or password to unlock them
  2. only allow installation of approved, vetted applications, and
  3. install and keep updated antivirus and other security software on those devices.
