How Vulnerable Is Healthcare Data Security?
Much of the news in healthcare data security is pretty grim: healthcare data breaches happened more often in 2015 than in previous years, and happened more often than in any other industry. Healthcare providers are privy to an extensive amount of very sensitive data - from specific health conditions to Social Security numbers - which clearly puts them at greater risk from hackers and ne’er-do-wells. But with the passage of HIPAA laws, the consequences of those hacks become even more critical, and potentially very costly.
How Do Data Security Breaches Occur?
According to Baker Hostetler, a law firm specializing in privacy and security violations:
- 31% of breaches were a result of phishing/malware/hacking software, and
- 24% were a result of employee actions/mistakes.
These statistics indicate that responsibility for more than half of all breaches rest on employees working directly with the data and with the computer systems where sensitive information is stored. The message to healthcare providers is clear: to avoid data breaches and reduce the risk of jeopardizing sensitive information, employees must receive better training and guidance.
What Steps Can I Take To Keep My Data Secure?
There are simple steps that any healthcare facility can take to help ensure the security of their data:
- Step 1- Ensure that your computer network has a top-rated virus protection software. PC Magazine provides an annual list of the best virus protection software programs and lists which features each one includes (such as phishing protection and malware protection).
- Step 2 - Use Data Loss Prevention software to add an additional layer of security and protection. Larger hospitals and clinics have an IT department to handle these issues, but smaller offices need to do their homework. Your server host may offer additional protection (such as firewalls), so be sure to ask about it before signing up for your service.
- Step 3 - Secure all computers with user passwords, and require password changes at regular intervals in order to keep the integrity of the network.
- Step 4 - Make sure that each employee is aware of the software installed and knows how to use it or what to do if an alert pops up. Employees should be trained on security procedures, including not sharing passwords and not having them written down anywhere near the computer. When an employee is no longer part of your staff, the password for her or him should be immediately reset (8% of breaches come from current or former employees accessing sensitive data inappropriately).
If you suspect that someone may have accessed your secure data illegally, take immediate action. Lock down your system and advise your staff not to use computers or programs which link to those files. If sensitive data (Social Security number, name, address, phone number, etc.) was compromised, healthcare providers are obligated to notify the individuals involved.
For a look at the regulations and circumstances under which notification is required, visit the HIPAA Privacy and Security site.