Fifty years ago, keeping health data secure was as simple as putting a lock on the filing cabinet. A data breach would have to involve someone physically breaking into your facility, or at the very least intercepting a courier.
There’s no denying physical media is easier to keep secure. But few clinicians would go back to the days of keeping patients’ health records in file folders. Digital data is far more accessible throughout health systems. Access to relevant data provides greater context for care, which can help increase efficiency, lead to better informed diagnoses, and ultimately improve the patient experience.
The challenge for health leaders is to balance data accessibility and security. It should be as easy as possible for authorized users to access data, while minimizing the potential for a breach and staying in full compliance with FDA regulations and guidelines.
Here’s how to avoid gambling with your health system’s data security:
- Enhance Security in the Cloud: Which is more secure: the server located in your facility, or storage space in the cloud? You might think the more control you have over the storage, the more security you have, in which case your own hardware would be more secure. However, you’re likely to find that the cloud storage solution is less vulnerable. Cloud storage vendors are security-minded by nature and by business. With the right vendor, your data is protected by the latest technology and by staff who are experts in keeping data secure. That said, it’s important to be security-minded regardless of where your data is stored. You can supplement a cloud provider’s security measures by making sure your organization makes security a priority as well.
- Foster a Culture of Security: Your security is only as strong as its weakest element—and in most cases, that’s the human element. The strongest passwords might as well be “1234” if they’re written on a sticky note and stuck to a monitor, or stored in an unprotected shared document. When putting together a comprehensive security plan, make sure your entire health system knows that security is a priority. Health leaders can lead by example in this case, practicing good password hygiene and safe data management. Internal communications should emphasize the importance of creating a secure environment. The messaging can highlight technology, but should reinforce the idea that security is everyone’s personal responsibility.
- Go Beyond Compliance: It’s tempting to think that simply complying with national and international security standards is enough to keep your data safe. But security is more than checking items off a list—it needs to be an ongoing process, maturing and growing more sophisticated over time. Pinning the state of your security to compliance encourages a temporary, goal-based approach that could leave your system vulnerable. Instead, make security part of your organization’s culture, and continue to evolve as new threats emerge and new technology becomes available.
- Choose Vendors That Value Security: Cybersecurity is too complex and too important an issue for health systems to tackle on their own. The right partners can provide the expertise and technology you need to keep progressing on the security spectrum. Vendor partners, like Change Healthcare, can work with health systems to plan, design, and integrate Business Continuity and Disaster Recovery systems, to help minimize the impact of disruptions to clinical operations and patient care.
- Don’t Gamble with Security: Change the Odds: The amount of data that health systems store and transmit, and the sensitive nature of that data, make health systems a prime target for security breaches. Last year, 28% of reported breaches were in the healthcare sector, making it the most breached industry overall. Yet our industry still lags behind others in adopting new security measures. Health systems that are slow to change are gambling with the data patients entrust to them. To reduce the risk, make security a fundamental part of your organization’s culture. Think of it as a continuum, not a journey with a specific endpoint. Most importantly, choose the partners that will help your security continue to grow and mature as the threat landscape evolves.
Steven Ramirez is a Senior IT Solutions Consultant at Change Healthcare, with extensive experience in IT Risk/Security Management, Cyber Security, IT Regulatory Compliance, HIPAA Security, Business Resilience and Disaster Recovery Solutions.