Guest Column | September 18, 2015

Tips To Boost Your Healthcare Data Security

By Geoff Bibby, VP of Marketing, Zix Corporation

Let’s face facts — security breaches are on the rise to the point that it’s not a question of if, but when the next organization will fall victim.

For years, the majority of the healthcare industry has invested in data protection measures to thwart security threats, and the reasons were clear: healthcare organizations collect, manage and exchange a gigantic amount of personal information on a daily basis. The Health Insurance Portability and Accountability Act (HIPAA) requires organizations to maintain the proper data protection measures to meet compliance requirements and to protect the private data of patients.

However, with the increased use of EHRs, the need to provide real-time access to patient information, and the expanding scope of mobile devices, the task of safeguarding protected health information (PHI) has become infinitely more challenging.  

Now, more than ever, focusing on data protection is absolutely imperative. By considering the following data security tips, healthcare organizations can prepare themselves to protect patient information properly.

  • Keep an eye on mobile devices: Smartphones and tablets make it easy to connect to work from inside the office or on the go, but they aren’t always secure. Employees may be reviewing PHI and corporate information on the train to work, in restaurants with their families or while traveling on vacation. The scary thing is that those devices are conveniently small and therefore very easy to lose. Understand what data employees need to access most and ensure you have a plan in place for when a device goes missing or gets stolen.
  • Secure email: The amount of sensitive data exchanged via email within any industry, but particularly healthcare, is extensive. From social security numbers to medical records to patients’ home addresses, data is vulnerable when sent via unsecured email. Encrypting email is a necessary step to remaining HIPAA compliant. If left unencrypted, emails containing sensitive information are just sitting ducks for hackers.
  • Watch over electronic equipment: Encryption isn’t a good solution for email alone; it helps to protect data stored on computers and USB devices as well. Whether these items are lost or stolen, encryption can provide a line of defense against unwanted eyes. It is easy for criminals to steal a laptop or USB device and, without proper encryption, they could have easy access to all the patient information present on that device.
  • Strengthen the weakest link (hint, your employees): While your employees may be your company’s greatest asset, they might also be your biggest weakness. Many good-hearted, well-intentioned employees make mistakes sometimes, but the few malicious employees tend to go unnoticed. Deploy a data loss prevention solution that takes care of both.
  • Properly dispose of paper records: Moving to an EHR system wasn’t (or perhaps still isn’t) easy. Don’t make matters worse by improperly disposing of the old print versions. Prevent your patients’ private information from ending up in a dumpster or recycling bin behind the facility by investing in a shredder or shredding services.

If you work for a healthcare organization, these tips will assist you in continuing to secure PHI, maintaining patient trust and boosting overall data security.