Healthcare data security concerns and steps to decrease breach in 2014

From 2012 to 2013 healthcare data breaches have doubled.  A quick look at the numbers will make any healthcare security professional concerned, and ready to take action so that security in 2014 doesn’t live the same fate as last year’s.

• More than 130 health data breaches have taken place in 2013 and affected more than 5.7 million individuals versus about 2.7 million individuals affected by more than 160 breaches in 2012.

Why are breaches rising?

With healthcare data moving toward a complete online system (a perfect example: EHRs) this creates bulks of personal information that can be accessed by anyone who is looking to penetrate the area where data is stored (devices, networks, clouds, data centers).

In addition to the challenge of having big pools of data in one location and potentially accessible to unauthorized individuals, we find another six healthcare information security concerns.

1. Device theft
2. Insider threat
3. Business associates
4. Encryption
5. Lack of IT staff to adopt new security solutions and with the needed level of expertise
6. EHR vendors can’t always deliver new offerings in a timely manner

Six suggestions to help healthcare facilities prepare for the above challenges, as well as work towards a stronger security posture (long term), can come in handy.

1. Be ready to identify, analyze and report on security incidents at all times.
2. Verify that staff and business associates are consistent with the terms of agreement and meeting compliance standards.
3. Continued compliance with applicable federal and state laws, rules, and regulations across your facility and your business associates.
4. Comply and maintain internal security policies and procedures in loco, and ensure your business partners do the same.
5. Have an individual or team of security professionals who can coordinate security activities such as business associate relationships, audits and the monitoring process.
6. Improve implementation of encryption.

Lastly, keep in mind that with the new HIPAA report requirements a rise in healthcare data breach reports is inevitable. Reporting plays a huge role in the repercussions for a healthcare facility’s reputation and the patient’s sense of security.

Learning from the breach lessons that took place in 2013 and acting in a timely manner will allow the healthcare industry to show their patients that they can be counted on to keep sensitive data secure.

Healthcare executives and security professionals taking action will also give hope that 2014 will not turn out to be so dark and full of data breaches as this past year.

What steps are you taking to increase your healthcare facility’s security posture in 2014?

 

Photo courtesy of Fotos GOVBA