Apr 03, 2012

The RX for medical breaches

It’s no secret that healthcare data breaches are steadily on the rise. As technology has modernized healthcare, it has also made healthcare more vulnerable to hackers, fraudsters, and costly bad luck (such as when a lost portable hard drive exposes the personal health records of thousands of patients).

The threat is real, so how do security experts suggest you protect yourself?

According to GovInfoSecurity, here are 8 tips to help ward off healthcare security breaches:

1. Risk Assessments
HIPAA security risk analysis has been in short supply, thus exposing personal health information to the vagaries of chance. Many large healthcare breaches have involved the loss or theft of mobile devices and media containing unencrypted PHI, pointing to the fact that risk assessments were not conducted or had failed to identify mobile devices as a vulnerability. Comprehensive assessments, taking into account internal and external infrastructure, web applications, wireless security, mobile device policies and employee training, should be conducted for all healthcare organizations.

2. Encrypt Mobile Devices and Media
Data encryption is important in every setting, and this is especially true when it comes to healthcare data. Some experts also think that health organizations should go further than encryption and simply not allow patient data to be stored on mobile devices at all.

3. Increase Training
Security policies alone are not enough.  Employees must be trained in these policies in order for them to be effective.

4. Conduct Internal Audits
Internal breach threats can be mitigated by the establishment of regular internal audits, which can deter would-be fraudsters while also identifying internal breaches before they snowball further.

5. Monitor Business Associates
With business associates accounting for 22% of major breaches, it’s important to make sure that vendor partners are as security-conscious as you are. Audits should extend to business associates in order to ensure vendors are practicing agreed-upon security measures.

6. Limit Data Storage
Massive unencrypted databases are a recipe for disaster.  Encryption is important, but addressing the size of databases is also relevant.  Limiting the amount of personal data your organization possesses is an important step in ameliorating the consequences of data breaches.

7. Paper Records Are Also Important
Good old-fashioned paper records can also lead to data breaches, so amidst the focus on online threats, don’t forget about the hazards of paper.

8. Address Other Vulnerabilities
Weaknesses in areas such as wireless access vulnerabilities, ineffective encryption, rogue wireless access points, firewalls separating wireless networks from internal wired networks, and authentication requirements for entering wireless networks are examples of breach threats that fall into the “miscellaneous” category.
