zentilia - Fotolia
Large-scale healthcare data breaches are growing in frequency, and concerned IT executives are scrambling to stay ahead of potential threats. An HHS website can help. It shows providers how to stay ahead of hackers and secure protected health information, while staying fully compliant with HIPAA requirements.
Hacking incidents, unauthorized access and theft are few of the reported types of healthcare data breaches listed on the HHS site. The site also contains a list of organizations that have experienced a data breach that affected more than 500 patients.
While there may still be breaches that not have been reported, every organization is continuously evaluating their security protocols. A variety of software tools, dedicated security appliances, consulting services and other methods are being used by healthcare IT departments to protect their stored data.
HIPAA consists of three core areas that a hospital or healthcare entity must address:
- Technical safeguards
- Administrative safeguards
- Physical safeguards
Each of these areas requires specific tasks and activities to be fully achieved. Some providers have contracted the assistance of external third-party security firms to help them monitor and protect their data. By using outside security experts, IT executives free up time to focus on other internal projects. These are some of the tasks for which outside security firms are used in healthcare:
- Threat identification and response
- Compliance reviews and assessment
- Implementation of advanced security tools
- Security consulting services
- Frequent network and system scans
- Intrusion detection and prevention
- Penetration testing
- Endpoint protection
- Data encryption and data loss prevention
- System monitoring
- Employee security training
The increased adoption of EHRs and the use of mobile technology to access health information remotely have multiplied the number of areas in which a healthcare organization is vulnerable to security breaches. Though the use of a third-party security firm can ease many of healthcare IT executives' security concerns, the burden of monitoring security readiness should not be completely left to outside groups. The IT department should take an active part in constantly protecting their organization's data and systems from a healthcare data breach.
About the author:
Reda Chouffani is vice president of development at Biz Technology Solutions Inc., which provides software design, development and deployment services for the healthcare industry. Let us know what you think about the story; email firstname.lastname@example.org or contact @SearchHealthIT on Twitter.
Backups play a starring role in healthcare analytics
Health data security improving, IT still behind
2014 to-do lists include HIPAA security implementations