This week, the Office of the National Coordinator (ONC) for Health Information Technology announced it has launched a set of initiatives to improve the overall state of health IT security. The ONC’s initiatives — launched on April 1 — will focus on providing tools and guidance to minimize security risk, educating the health IT community about security awareness and creating support functions to help when security emergencies strike.
According to the ONC, the majority of health care information data breaches in the past five years were actually the result of disappearing hardware, while hacking or Internet crime accounted for less than 10%. To that end, the ONC suggests that health IT security can be improved by implementing the following common-sense policies:
- Securing all computers that contain patient data;
- Protecting laptops with a combination of physical, technology and policy-related methods;
- Locking drive bays to prevent hard drives from being removed;
- Placing servers in secure areas, strictly limiting access, and maintaining entry/exit logs; and
- Establishing security policies that require the use of a high-grade encryption algorithm.
As these health IT security initiatives are rolled out, training materials and other collateral will be posted on the ONC website.