Healthcare News & Insights

Avoid data breaches by reviewing ‘near misses’

Hospitals that want the highest level of security for patients’ sensitive data need to evaluate “near-miss” data breaches just as closely as events that actually compromise patients’ data.

A near miss occurs when a security or privacy incident that could spell trouble for a hospital is corrected before it becomes an actual data breach.

While it’s natural to want to breathe a sigh of relief if you head off a near-miss event, that’s not all you should do. The best way to handle a near miss is to use it as an opportunity to review your security processes and eliminate any gaps in your compliance procedures.

Keeping information secure

Here are three ways to effectively use security-related near misses to reduce the risk of data breaches and HIPAA violations, as adapted from an article on govhealthit.com:

  1. Identify the root cause. Did a doctor misplace a laptop with patient info saved on it? Did a clinician lose a piece of paper with the password he used to access your electronic health records (EHR) system? Or was there a security vulnerability in your hospital’s network because your software wasn’t up to date? Find out exactly what caused the near miss, getting as many details as possible.
  2. Look at what others in your position have done. Once you know how the near miss came about, it’s time to do some research. See if other hospitals have had a similar event happen to them, and find out how they handled it. It’s important both to see what they did right and to learn from what they did wrong.
  3. Make decisions to reduce your risk in the future. After you’ve analyzed the event and reviewed how other hospitals approached it, it’s time to put a plan into place to keep security tight at your hospital. Your plan may include additional security training for clinicians, tighter IT data control and being more vigilant about network upgrades. But keep in mind: You can’t totally eliminate the likelihood of a security lapse leading to a data breach. So it’s also key to have a plan in place for “damage control” if an incident becomes more serious.

Evaluating near misses and treating them as opportunities to bolster your hospital’s security is an excellent strategy for avoiding HIPAA violations – and mitigating the damage if a data breach should occur.
