When you talk to leaders in healthcare information technology about their top concerns, one theme keeps recurring: security.
In one healthcare technology survey, 52 percent of respondents cited security as an area where they planned to make upgrades in 2017, with app security and network security at the top of their lists. Federal data shows they’re right to worry, with breaches compromising patient information and costing health systems millions of dollars.
With the risks to both patients and providers in mind, here are several tips for strengthening healthcare information technology security.
Survey Says
The survey of 95 healthcare executives about their priorities for 2017 was conducted by Healthcare IT News. After security, respondents said they planned to make upgrades in analytics (51 percent), patient engagement and population health (44 percent each).
When asked, “Which security issues will your organization be focusing on the most in 2017?,” 20 percent reported network security and 17 percent said app security.
Given the statistics involving breaches in network and app security, leaders have good reason to bolster those areas, with hacking, phishing and ransomware incidents happening almost daily. And mobile devices pose their own challenges.
Mobile Devices at Risk
While mobile devices have revolutionized communication in healthcare for the better, they’ve also made the industry more vulnerable to data lapses and attacks.
According to the Department of Health and Human Services' Office for Civil Rights, it’s increasingly common for mobile devices in particular to be involved in data breaches.
Between January 2015 and the end of October 2017, 71 breaches involving portable storage devices, laptops, smartphones and tablets were reported to the Office for Civil Rights. In all, more than 1.3 million patient and plan member records were exposed.
In one of the largest penalties, a hospital in Texas paid $3.2 million after the theft of unencrypted mobile devices impacted more than 6,200 individuals. And there have been multiple other multimillion-dollar penalties for similar breaches.
Preventive Security Care
Experts say the majority of data breaches can be prevented by having simple security best practices in place, such as requiring mobile device data to be encrypted. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule doesn’t require such encryption, but the benefits are clear.
Other security tips and best practices include:
- Having a full inventory of all devices that have access to protected health information, especially if your hospital has a Bring Your Own Device (BYOD) policy.
- Including in your BYOD requirements the ability to remotely wipe devices of all data if they’re lost or misplaced.
- Using digital two-way radios instead of smartphones.
- Allowing access only if the devices have the appropriate security controls in place, for instance, screen locks with strong passwords.
- Requiring regular staff training on privacy and security.
- Using only a secure smartphone app designed for healthcare for texting and other messaging.
- Instructing staff, when they’re away from the hospital, never to use public WiFi to remotely access healthcare information and to use a secure virtual private network (VPN) instead.
- Conducting a full risk assessment to identify vulnerabilities in every element of your operation related to data, including mobile devices and more.
Hope for the Best, Prepare for the Worst
Even organizations with airtight data security plans in place are just one unlocked mobile device screen away from a costly breach. So while taking steps to strengthen healthcare information technology security, it’s important to also be ready if something goes wrong.
Research suggests that organizations that have invested in business continuity management and disaster recovery services recover more quickly than those that haven’t. So while you hope for the best when it comes to cybersecurity, also be prepared for the worst.