The biggest vulnerability for healthcare data
It's not getting better. For the Healthcare Industry, at least, it's getting worse.
There has been more than a 26% increase in data breaches in the US in 2014. And according to a recent report from the Identity Theft Resource Center, 214 of the 505 breaches this year have been in the Medical/Healthcare field. This 42% share of breaches is by far the largest number of compromised records in any one industry.
For most of us, the words “Data” and “Records” read like faceless concepts. These compromised ones and zeroes in a computer system could be anything. But data is actually not faceless if you look at what it is made up of: the attributes of identity. A person. A friend, your child, your spouse. You. For organizations fighting for security and compliance, protecting this data is a full-time job.
What most of us aren't doing right (yet)
What many networks fail to lock down is data transmission vulnerability. You can build a fortress of a network, but if your data transmission solution isn't secure, your data's vulnerability is something like your assistant or HR manager shouting your Social Security number or credit card number down the office hall to you. Or a doctor casually chatting in public about the results of your recent health exam.
Health data has to move a lot, between healthcare professionals and facilities, and even from hospitals to patients at their request. And data is most vulnerable during communication.
Each touchpoint should have a different set of criteria to transfer the information to the authorized individual. For business-to-business information sharing, the files can be quite large (image files of X-rays, sonograms, etc.), whereas the files a patient requests can be much smaller. When a business associate needs access to healthcare data, you can have a secure trusted connection set up for ongoing communication.
Patients, on the other hand, will request data from unsecured networks, so you need a method to get them their data in a secure manner. They can request, from a mobile device in a coffee shop, that it be sent to their personal email account. What method do you use to send it to them? How are you going to verify that the person you are sending this very personal information to is indeed the patient?
It starts with separating your strategies: one for business associates, one for patients. For your business associates, you need a solution that has the power to move large files securely and quickly. The market is full of these, but you have to carefully set up the one that works best for your organization.
For your patients, the best and most efficient solution is to set up either a private or public cloud collaboration tool that will grant access to their data securely from any device and in any location with an Internet connection. This can be trickier to set up, but the technology on the market has recently caught up with this need. Whichever solutions you choose, there are ways of building them together so they play nice.
Every organization we have worked with in the healthcare industry takes their data security seriously. But most aren't aware of how vulnerable data can be in communication. To learn more, join our 9/17 webinar on HIPAA Compliance: Taming Your Data & File Chaos. You can also download our 5 Most Overlooked HIPAA Requirements Whitepaper, and feel free to contact me with any questions.