Posted by: Jenny Laurello
Guest post by: Ruby Raley, Director, Healthcare Solutions, Axway
How do you know that you’ve done all you can to protect your organization’s information and your patients’ information?
I can think of four essential issues of IT infrastructure — hard, fast, universal must-haves — that need to be addressed before you can rest assured you’ve done your best.
Breaches often involve unauthorized access, where someone finds records on the Internet without logging in, and the owners of the records aren’t able to guarantee that only those individuals with both the right to know and the need to know have accessed the data. With the proper authentication and security measures in place, access to protected health records is limited to those who are both authorized to know and who need to know.
2. Secure email
All email messages exiting the organization must be properly protected; a policy-driven email strategy ensures this. Policies create added benefits, too, like filtering out junk mail, which ultimately both secures and optimizes your processes.
3. Secured data storage and transport
The TriCare breach, in which backup tapes were stolen from the car of an SAIC employee and the EHRs of 4.9 million patients were compromised, is a perfect example of why this issue is so important. When your organization’s data is backed up, on tapes or otherwise, and transported, ask yourself: “Will it be possible for unauthorized people to access the data should it be stolen?”
4. Clear business-associate agreements
Business-associate agreements — contracts you and your business associates sign before any transactions begin — ensure that you’re working with professionals who understand your business. When we work with others, we may forget that they know far less about our business than we do. We must ensure that they have the right training, processes and procedures in place, and that they adhere to the same levels of security.
As you consider and act on these four issues, you will begin to close the loopholes that put company and patient data at risk. You’ll be confident that you have properly authenticated everyone, have the right security in place, are safely exchanging data with others via email and, lastly, have the proper agreements and right people handling sensitive data.
For more information, please visit www.axway.com.