When you think of electronic personal health information (PHI), you probably think of a doctor keeping records on a patient and storing them in a database at their practice. In reality, however, PHI is an information source that reaches far beyond doctors’ offices. This data, and the rules protecting it, are a concern for a broad group of health care professionals — in and out of clinical settings.
Continued cyber attacks on health care organizations, like the massive breach of Anthem Blue Cross and Blue Shield earlier this year, are proof that hackers see PHI as a highly valuable target. And this shouldn’t come as a big surprise. Not only does this data contain the kind of personal information that fraudsters can use for identity theft, it’s also relatively easy to access in black-hat hacking circles.
PHI theft is a major problem for both the large numbers of individuals affected by these breaches and the organizations that face harsh penalties and business setbacks as a result. As such, anyone working with a company that handles personal health information — from the chief executive all the way to the maintenance staff — needs to understand their role in protecting this critical resource. To safeguard the personal health information of your customers, there are a number of steps you can take, including:
1. Get to know HIPAA.
HIPAA’s best practices for handling PHI are designed to help reduce the vulnerability of sensitive records. These guidelines help professionals understand how they can help keep records secure on a day-to-day basis. Getting a team thoroughly trained on HIPAA, even beyond the required competency, can be well worth the investment.
2. Get a professional security assessment.
You may have encryption in place to protect your PHI, but is it working like it should? Are your third-party vendors accessing these records and keeping them properly protected? If your security could benefit from an audit of these issues, a professional security assessment can help keep you out of harm’s way.
3. Know how to respond.
A critical part of protecting PHI is knowing what to do in case of a breach. So every member of your team should know his or her role and responsibilities in case of an incident. And if you are in a leadership role, make sure your incident response plans are designed to minimize damage in the event of a breach.
Lunarline understands the unique cyber security needs of health care organizations, and we have custom solutions to address them, including training courses and certification programs designed for health care personnel, and comprehensive health care security consulting. For more information about Lunarline and our security solutions, visit us online or contact us today.