Finding A Healthcare Cybersecurity Plan For Your Organization

While I cannot stress enough that compliance does not equate to security as far as healthcare is concerned, it is still true that securing the important systems in your health organization goes a long way toward meeting regulations and living up to the trust of your patients.

In many cases, compliance may need to go beyond HIPAA regulations. A recent survey conducted by Accenture and the American Medical Association (AMA) found that roughly 4 out of 5 surveyed physicians had experienced some kind of cyberattack. Concern in the medical community is widespread, especially since a single breach can expose large amounts of sensitive information. Among healthcare providers, sharing data has become the norm to ensure a seamless experience for patients, but every additional system that holds or relays patient data is one more place a breach can occur.

Since every practice is different, it falls to each one to formulate a plan for how to tackle cybersecurity: enough to reach compliance, or to go beyond it if the risk warrants.

However, the rise of organizations dedicated to helping care providers achieve compliance can offset some of the difficulties inherent in cybersecurity. For smaller hospitals and practices, it can be difficult to justify an on-staff IT expert to handle data management. In many cases, these organizations either pay for a full-time staff member they do not fully need, or let data security concerns fall by the wayside. This is where hiring third-party IT experts comes into play: organizations can get as much work done as necessary without taking on the logistics of recruiting and retaining specialist staff.

Regardless of who is responsible for a care provider's cybersecurity, a comprehensive audit of all systems involved may be necessary to prevent future breaches. Systems that do not hold patient data themselves can still be compromised and used as a foothold into systems that do, so the audit should not stop at the systems that obviously contain protected health information. The American Health Information Management Association (AHIMA) has published toolkits to prepare for HIPAA audits, and has praised the merits of good information governance that goes beyond what is required for regulatory compliance.

This is when risk assessment becomes important: knowing the path that information takes as it moves into, through, and out of an organization is the first step to ensuring that it is safe. Understanding how systems are connected, and even the non-technical ways data can be compromised (a lost laptop, a misdirected fax, a phone call from someone posing as a colleague), is increasingly important in the modern environment. Beyond theft, making backups matters, as does having a disaster recovery plan, and the backups should be tested so that they can actually be restored, whether the cause is ransomware or an environmental catastrophe.

The fact is, audits often reveal vulnerabilities your organization did not know existed. They also create an opportunity for a care provider to reevaluate its IT practices and, if the situation calls for it, find a better option in a third party. Take the time to rethink your needs and develop a plan that fits your organization.

The New Age of Data Compliance

The constant advance of the tools used to generate and share data has created an environment in which systems change incrementally and security measures struggle to keep pace with the latest variety of cyber attack. Many corporations have fallen victim to these new threats, and even a small breach can cost a company dearly in both money and reputation. Perhaps the most egregious recent example is the Equifax breach, which compromised the personal information of more than 140 million consumers and sparked a broad discussion about the state of corporate cybersecurity.

As they say, an ounce of prevention is worth a pound of cure, and that is where information compliance comes in. It is worth noting that compliance is not the same thing as cybersecurity. Security is IT-centric and never finished, because the threats keep changing; compliance, by contrast, is about establishing and following documented best practices across the organization so that a breach is less likely in the first place. A large share of successful cyber attacks begin with a mistake by an employee, and it is up to leadership to ensure that everyone knows how to keep a single click from turning into a catastrophe.

The benefits of compliance are manifold. Because implementing security solutions that account for a business's needs, budget, and information flows is genuinely difficult, having a defined compliance program to anchor those decisions is more important than ever. In-house IT is also often outmoded; if your company does not work in technology, there is a good chance that better out-of-house options are available. Reducing the risk of a cyberattack is also valuable from a legal standpoint, and a compliance program produces the thorough documentation that allows for a faster, better-organized response in the event of an attack.

So how does a business leader implement good compliance practices in a way that actually has an impact? It can be difficult to steer an entire business in this direction, especially when a single act of negligence can lead to disaster. Many make the mistake of believing that such initiatives should be IT-led, when in fact IT's role is to guide teams in the right direction rather than to micromanage the entire effort.

Education is an important step in the right direction. Even with thorough countermeasures in place, a simple email phishing campaign can spread quickly if employees do not recognize it. Recognizing fraudulent emails is a good topic for training, as is creating strong passwords. Alongside training, access to files and documents should be granted on an as-needed basis rather than by default. It may seem like an unnecessary hassle, but limiting what each account can reach means that a phished employee exposes far less, and it makes it easier to isolate the compromised account and trace what it touched.

Of course, even if all of this information is imparted to employees, there is still the matter of convincing all staff members to abide by it. I cannot stress enough the importance of a business being "all-in" when it comes to compliance. Therefore, change should start with leaders and work its way down. The tools used to ensure compliance should also make an employee's work easier, not harder; if people are forced to take extra steps, they are far less likely to adopt the new measures. Thoroughly research compliance solutions and automate as much as possible. Check websites pertaining to your industry for compliance guidelines and guidance on safely sharing information, and research and observe the governmental regulations that apply to you.

Ensuring proper compliance can be a difficult task, but far worse is the prospect of lost, stolen, or corrupted data. It is up to corporate leaders to adopt a culture of compliance and enforce the standards that become more necessary with each devastating cyber attack.