Healthcare Cyber Risks: Protecting Patient’s Information
Healthcare facilities and organizations, according to Experian, accounted for about 42% of all major data breaches that were reported in 2014. Expectations are that this number will continue to increase as cyber criminals become increasingly sophisticated in their attacks. Going into 2015, organizations are looking to increase their security measures and safeguard patients’ protected health information (PHI). Following are several measures to help your insureds protect patient information, courtesy of ID Experts.
- Leadership engagement is crucial. Organizational leadership must embrace and champion compliance as it would any other component of the organization’s value chain. Leadership must visibly and actively foster a culture of compliance throughout the organization by setting expectations and holding all workforce members accountable to the same standards.
- Find and identify data. Organizations need to know where their data lives, where it travels, and in what form (encrypted, identified, de-identified, etc.).
- Control PHI workflow and minimize necessary workforce access. Find better ways to control PHI workflow within the organization, and movement outside the organization. This means not only safeguarding it from impermissible uses and disclosures, but also requiring integration of HIPAA with other health information protection activities to ensure a single point of control within the organization.
- Evaluate risks. Organizations must have robust processes in place to evaluate risk with new systems, devices, services and partners to vet those that don’t meet best security practices.
- Make third-party vendor management a priority. Organizations need to fortify third-party vendor management to strengthen oversight and review processes.
- Get proactive. Companies that go above and beyond baseline protection requirements for patient information will be viewed as industry leaders, and patients will choose to use their services over others.
- Implement privacy as an integral part of new technology adoption. The pace at which new technology is being introduced into the healthcare industry is increasing, with thousands of new health-related mobile applications available this year, devices such as Apple Watch and the Internet of Things. Patient privacy and security features must be a priority with these apps and devices. In fact, the FTC is pursuing a number of investigations and enforcement actions against tech companies and data brokers that collect and sell consumer information, and has issued cautions related to these new apps and devices.
- Champion a culture of security. Every employee throughout the organization is a guardian of the customer’s data.
In addition to fortifying security measures and taking proactive steps to protect patient information, a sound cyber liability insurance program should be secured. This is the time to review with your healthcare clients their cyber policy and how responsive it is in the event of a breach or other related claim. At Caitlin Morgan, we can assist you in placing a comprehensive cyber liability insurance program for healthcare facilities. We specialize in this area and offer a wide range of products. Just call us at 877.226.1027.
Sources: ID Experts, FTC