Manage Learn to apply best practices and optimize your operations.

Work inside-out to protect against healthcare data breaches

Providers on the lookout for healthcare data breaches should take note of an HHS site that lists every security incident that affected more than 500 patients.

Large-scale healthcare data breaches are growing in frequency, and concerned IT executives are scrambling to stay...

ahead of potential threats. An HHS website can help. It shows providers how to stay ahead of hackers and secure protected health information, while staying fully compliant with HIPAA requirements.

Hacking incidents, unauthorized access and theft are few of the reported types of healthcare data breaches listed on the HHS site. The site also contains a list of organizations that have experienced a data breach that affected more than 500 patients.

While there may still be breaches that not have been reported, every organization is continuously evaluating their security protocols. A variety of software tools, dedicated security appliances, consulting services and other methods are being used by healthcare IT departments to protect their stored data.

The increased adoption of EHRs and the use of mobile technology to access health information remotely have multiplied the number of areas in which a healthcare organization is vulnerable to security breaches.

HIPAA consists of three core areas that a hospital or healthcare entity must address:

  • Technical safeguards
  • Administrative safeguards
  • Physical safeguards

Each of these areas requires specific tasks and activities to be fully achieved. Some providers have contracted the assistance of external third-party security firms to help them monitor and protect their data. By using outside security experts, IT executives free up time to focus on other internal projects. These are some of the tasks for which outside security firms are used in healthcare:

  • Threat identification and response
  • Compliance reviews and assessment
  • Implementation of advanced security tools
  • Security consulting services
  • Frequent network and system scans
  • Intrusion detection and prevention
  • Penetration testing
  • Endpoint protection
  • Data encryption and data loss prevention
  • System monitoring
  • Employee security training

The increased adoption of EHRs and the use of mobile technology to access health information remotely have multiplied the number of areas in which a healthcare organization is vulnerable to security breaches. Though the use of a third-party security firm can ease many of healthcare IT executives' security concerns, the burden of monitoring security readiness should not be completely left to outside groups. The IT department should take an active part in constantly protecting their organization's data and systems from a healthcare data breach.

About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email editor@searchhealthit.com or contact @SearchHealthIT on Twitter.

Next Steps

Backups play a starring role in healthcare analytics

Health data security improving, IT still behind

2014 to-do lists include HIPAA security implementations

This was last published in September 2014

Dig Deeper on Electronic medical records security and data loss prevention

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close