As of Sept 23, 2013 (the compliance date of the HIPAA Omnibus Final Rule), organizations handling healthcare data are required to comply with the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA). The regulation applies not only to healthcare practices and insurance companies but also to the business associates of a healthcare provider, who are now directly liable for compliance. This includes IT consultants, cloud service providers and any other organization that creates, receives, stores or transmits patient data on the provider's behalf.
As patient data are increasingly converted to electronic formats, hospitals and medical practices have become popular targets for cyber attacks. Medical records, patient payment details, personal information, social security numbers and insurance information can readily be monetized by attackers who gain access to them, whether through fraudulent billing, identity theft or resale.
Below are some tips to help address HIPAA security compliance:
The web is an invaluable source of information for medical facilities, but it is also an unavoidable source of malware. Enforcing a web blocking or filtering solution blocks access to sites deemed harmful to the medical practice. These solutions allow custom Internet restriction policies to be deployed by user, PC and department, and can block unwarranted downloads of executable, video and audio files that could infect the network. Review the filtering logs periodically: a spike in blocked requests from one workstation is often the first sign that it is already compromised.
With BYOD becoming the norm in the workplace, there is an increased risk of patient health data being transferred to personal devices (smartphones, tablets, USB drives and the like) that are outside the practice's control. When a breach occurs in a medical facility, the practice bears the cost of notifying all affected patients under the HIPAA Breach Notification Rule, and often pays for damages resulting from the theft. Data Loss Prevention (DLP) software provides a proactive control for endpoint channels such as USB storage and Bluetooth, preventing the transfer of confidential patient data to personal devices. Pair it with full-disk encryption on laptops and removable media, since encrypted data that is lost does not trigger the same notification burden as unencrypted data.
With the constant stream of viruses, worms and other malware, software vendors regularly release security updates to address these threats. Unpatched computers are especially vulnerable to malware and attackers, since public exploits typically follow shortly after a patch is released. Ensure that systems in your practice or department are configured to receive these updates automatically, and verify that they are actually being applied; a device that has been switched off or disconnected for weeks can silently fall behind, and medical devices or legacy systems that cannot be patched should be isolated on their own network segment.
Teaching employees to be aware of the organization's security policies can be one of the most effective ways to enhance the company's overall security programme. Educate them on areas such as using strong passwords, recognizing phishing emails, and safe social media practices, and repeat the training periodically rather than treating it as a one-time onboarding step.
With rising costs, healthcare organizations cannot afford to be burdened with the penalties for HIPAA noncompliance. Deploying suitable security technology, along with the right employee education, should help protect patients' digital identities.