patients-personal-information-graphic

6 steps to protect your healthcare data

by Aline Liu

Summary

6 essential steps to protect your healthcare data

Read time: 3 minutes

Data breaches, stolen information, leaked personal records — daily we hear about the agonizing implications of mismanaged data.

In healthcare, mismanaged data comes with a unique set of challenging implications. Consider the 2014 hack against Community Health Systems, resulting in stolen information affecting 4.5 million people.

It’s no secret that healthcare organizations generate and capture information at a record pace. In fact, one study predicts that within the next few years, big data for U.S. healthcare will reach the yottabyte (10 24 gigabytes) scale.[1] A data center the size of Delaware and Rhode Island combined would be needed to store this volume of information.

As the amount of healthcare data skyrockets, so do data privacy and security risks. Not only can privacy and security breaches damage your organization’s reputation and compromise patient relationships, but they can also result in major costs. For example, data breaches can carry Health Information Portability and Accountability Act (HIPAA) violation penalties as large as $1.5 million annually. And, unlike in the past, the HIPAA Final Omnibus Rule now holds you responsible for protecting your patients’ private information — such as date of birth, medical record number or Social Security number — by requiring compliance with a comprehensive list of audit checkpoints and adhering to regulations.

To reduce the chance of information mismanagement, harmful breaches and major headaches, hospitals and health systems must take steps to properly capture and manage the flow of clinical and non-clinical information.

So, what small steps can you take today — without disrupting your workflows — to avoid similar breaches? As a start, be sure your organization applies the following six tips:

1. Strengthen user authentication

Adopt controlled access safeguards that can lock down your printers and limit access to certain features, depending on who is using them. At the same time, these safeguards control how and where documents and images are securely stored. Also consider heightening your password security.

2. Encrypt your data

Make data unreadable to anyone except authorized users and intended recipients. Applicable to stored and transmitted data, encryption protects the integrity of documents, images, messages and other personal health information. Technical safeguards as defined by the HIPAA Security Rule are meant to govern the access to electronic protected health information and include the following specifications:

  • Unique user identification

  • Emergency access procedure

  • Automatic log-off

  • Encryption and decryption

3. Protect confidential information

Use data overwrite security to automatically overwrite latent digital images. This makes it virtually impossible to reconstruct files and eliminates future access to those files from the original device.

To reduce the chance of information mismanagement, harmful breaches and major headaches, hospitals and health systems must take steps to properly capture and manage the flow of clinical and non-clinical information.

4. Create an audit trail

Track anyone who uses your devices and accesses data. This will help you produce and maintain the data audit trail required by the HIPAA Final Omnibus Rule. Administrative safeguards are also regulated through the HIPAA Security Rule to protect patients’ personal health information. These policies require you to:

  • Identify pertinent information systems

  • Conduct a risk assessment

  • Implement a risk management program

  • Obtain IT systems and services

  • Craft and deploy policies and procedures

  • Develop and execute a sanctions policy

5. Properly dispose of old equipment

Identify obsolete technology that no longer has the capability of keeping your data safe. By getting rid of these systems safely and securely, your organization alleviates any unnecessary added chance of data risk.

6. Implement physical safeguards

Protect and assess hardware used to share and transfer information to make sure that the right people have access to the right areas, including facility access controls, workstation use and security, and device and media controls.

It’s time for healthcare leaders to re-evaluate their HIPAA compliance risks and form smart strategies to securely capture, access and share information. If you’ve taken action on each of the items above, you’re on your way to ensuring only the right people touch your data — ultimately protecting your patients, employees and the bottom line.

Simply your healthcare data protection

Learn how to take the right steps with a trusted partner.

Recommended for you

Defining Hacking & 11 Essential Hacking Terms
Defining Hacking & 11 Essential Hacking TermsArticles

Defining Hacking & 11 Essential Hacking Terms

Get to know the basics of hacking with our guide to 11 key hacking terms. Uncover the vocabulary and concepts that make up the world of cybersecurity.

What does data security compliance mean for small business today?
What does data security compliance mean for small business today?Articles

What does data security compliance mean for small business today?

Explore the essentials of data security and compliance for small business success.

How a hospital used digital automation to streamline process
How a hospital used digital automation to streamline processCase Studies

How a hospital used digital automation to streamline process

See how one hospital used digital automation to streamline its information management process to ensure patients received the correct pharmacy medications.

  1. 1. Source: "Big data analytics in healthcare: promise and potential." hissjournal.biomedcentral.com. February 7, 2014. http://hissjournal.biomedcentral.com/articles/10.1186/2047-2501-2-3