By Jenifer Rees, Principal Quality Engineering Consultant and Andrew Hosch, security and development groups, Base2 Solutions
Because healthcare organizations hold a great deal of patients’ personal information, including credit card data, insurance details, and sensitive medical information, they are an appealing target for hackers. Hospital data breaches accounted for 34.5 percent of a record-high 1,093 total breaches in 2016. A data breach would put patients at risk for identity theft and ransom – something no executive wants for their organization.
Recovering from a data breach means minimizing the negative effects of the breach, reevaluating and changing security protocols, and rebuilding trust. It’s much more effective – and safer for patients – to make sure data is secure before a hacking attempt, so the company can avoid this problem in the first place.
That’s why Health Information Trust (HITRUST) is the source for health information systems protection. The HITRUST Common Security Framework (CSF) offers proven protection to help organizations efficiently follow HIPAA security requirements. It allows them to painlessly transition to new protocols, while keeping practices consistent across the board.
A company can do everything right as an organization – but what about its vendors? Requiring all of them, from the software companies that do the billing to the companies that sell the equipment, to be HITRUST certified will help protect patient info.
The CSF can be scaled for any organization, no matter how large or small, and can be customized as needs change over time. This level of flexibility allows executives to make any changes they see fit for their organization, without worrying that security protocols will hold them back.
Holding healthcare vendor organizations to a higher standard benefits everyone, from patients to executives. While making business decisions for an organization, it’s important to plan for a future that includes data security and patient trust. This higher standard also adds credibility to an institution, allowing partners to feel confident in future business arrangements.
Once a company’s vendors achieve HITRUST certification, it will be possible to showcase a commitment to security and allow people to feel safer in trusting the organization.
The best time to start is now. Work with an independent CSF assessor to help evaluate the organization’s level of compliance and make the transition as easy as possible.
About The Authors
Jenifer Rees, a Principal Quality Engineering Consultant for Seattle-based Base2 Solutions, is a Certified CSF Practitioner (CCSFP), CSSLP, (ISC)². She is a skilled Security Engineer with demonstrated security competency within the software development lifecycle.
Andrew Hosch runs the security and development groups at Base2 Solutions and is a Certified CSF Practitioner (CCSFP), Certified Nessus Auditor, CWATP, CISSP, (ISC)². He is a veteran IT Operations Director and Technologist experienced in aerospace systems integration, technology strategy, and leading QA, Security, and IT teams.