With constant threats to patient data, it is necessary for hospitals and other healthcare organizations to implement security measures to protect patient information.
Heather Roszkowski, CISO at Fletcher Allen Health Care in
In a recent interview, Ms. Roszkowski, along with Mac McMillan, CEO of CynergisTek and current chair of the HIMSS Privacy and Security Policy Task Force, addresses five ways hospitals can improve their data security.
1. Recognize the threat. From hackers trying to infiltrate a hospital network to employees losing mobile devices, the threat to protected patient information is ever changing. It is important for healthcare organizations to be prepared if there is a threat to the system and to be able to protect themselves and their patients' information. According to Mr. McMillan, many organizations aren't even aware of how big this challenge is because they have not made data security a deliberate focus. Healthcare organizations must make data security a priority so they recognize when there is a threat to their system.
2. Bring the right tools on board. Hospitals must embrace enlightened leadership and expend the resources necessary to protect patient data on a daily basis, says Mr. McMillan. "Certain things such as auditing and monitoring are going to have to be automated, and resources are going to have to be expended on them."
Patient data security requires hiring individuals with the right expertise to advise and implement a solid data security program. Resources need to be spent on tools such as data loss prevention and privacy monitoring, adds Ms. Roszkowski.
3. Understand the responsibility. Patient data needs to be protected, and employees need to understand how big of a responsibility that is. Many data breaches at healthcare organizations are caused by human error. Mr. McMillan says many hospitals "aren't doing an adequate job of training personnel in building a culture of responsibility." Employees need to understand that when they are using a smartphone, laptop or tablet containing patients' health information, they have a responsibility to protect that information.
4. Remind staff of the risks. Ms. Roszkowski says information security needs to be treated as a patient safety issue because of the extreme consequences associated with not protecting patient information. She suggests addressing the responsibility of protecting patient data on an employee's first day on the job and giving constant reminders of the risks involved with not protecting patient information. Hospital staff "get used to dealing with a lot of sensitive information and they put their guard down sometimes," she explains. She tells staff to "treat the patient's record as you would if it were your own information."
5. Test the system. Data security processes and technology need to constantly be tested and monitored. "Become a healthcare organization that isn't afraid to test itself," says Mr. McMillan. "Any system not tested is a system not secured." Regulations concerning patient information and data security are ever changing, and updating security measures needs to be a part of hospitals' everyday business. It's also important to get feedback from staff on how security measures are working and any changes they think need to be made.