Real
safeguards and policy implementations, however, speak louder than any number of
crisis meetings. Securing any healthcare organization -- from a solo practice
to multi-location hospital systems -- takes measured planning, technical
expertise, and business knowledge. It's the only way security professionals can
balance their quest for impenetrable devices and software against medical
users' demand for easy, accessible data and tools.

New regulations
tied to the Affordable Care Act are now in effect regarding protected health
information and electronic health records, which only underscores the need for
data security to ensure patient privacy. Healthcare providers recognize that data
security is of vital importance to their business.

Healthcare
organizations are particularly vulnerable. They house personal health and payment
information, as well as intellectual property -- all lucrative targets for hackers.
But most employees want to heal people, not become technologists, and might
view technology protections as healthcare speed bumps. As providers, payers,
employees, patients, and partners become increasingly intertwined through
shared data, transparency, and analytics, the opportunities for loss, error, or
theft grow exponentially.

Healthcare
had the highest percentage of incidents from theft or loss, the study found,
suggesting room for improvement. But
employees don't deserve all the blame. Outsiders -- such as business
associates, contractors, and suppliers -- accounted for 68% of the top 10
miscellaneous errors.

Education
and regular checks and balances decrease the frequency of incidents.
Technologies such as data-loss-prevention software monitor emails and faxes,
while mandating that IT alone dispose of equipment helps ensure fewer
data-laden devices end up marked for recycling, eBay, or the trash.

Policies
are critical to ensuring that an organization's security message permeates
departments and shifts. It is one reason a growing number of healthcare
organizations are hiring chief security officers (CSOs) or chief information
security officers (CISOs) to oversee and govern all areas of protection.

These
technology professionals play an important role; security knowledge is vital,
but they also require business expertise in healthcare.