Nov 13
2012
Act Rather Than React: Safe Guard Your Practice by Taking a Proactive Approach against Healthcare Data Breaches
Safe guarding against healthcare data breaches is a proactive approach to protecting your practice, not a reactive one.
As has been noted recently by Healthcare It News, healthcare data breaches occur frequently, and as I have previously reported, most of them are inside jobs.
That aside (I’m not trying to dismiss the importance of this fact, just trying to move this piece along as I know your time is limited), many can be prevented by employing the proper information systems like two-factor authorization, but nevertheless, the costs of cleaning up after a breach is most more expensive than they are to prevent.
According to Healthcare IT News, healthcare data breaches are incredibly expensive procedures which are piled upon by investigations, notifications and follow up. With that, let’s take a look at some steps that you can take to safeguard against data breaches.
According to the magazine:
Cast a wide net: Ensure you assess your practice’s capabilities for dealing with a data breach. Establish a plan, bring in the practice’s appropriate leaders who can drive the practice forward and work to educate employees of the importance of data integrity. “This might include subject matter experts from cross-functional areas like IT and operations to human resources, or compliance and legal to other key supervisors or managers,” writes Healthcare IT News.
Here are a few additional points from the magazine’s report:
• establish protocols for tasks
• create timelines
• establish communication among the team to ensure everything runs as smoothly as possible.
Know thy data: Take stock of your data. Start with reviewing current and past projects, reviewing current documentation and how your practice typically gathers information. “One of the key components of any assessment is determining how personal health information (PHI) and electronic personal health information (EPHI) are received, stored, transmitted, accessed or disclosed. Once you have fully scoped your assessment, you can begin gathering the relevant data.”
Address your practice’s vulnerabilities: Known or unknown, this is the time in which you begin to putting your plan in place. This is the point of your plan in which you push play.
Document everything: Since you’ll need everything in writing as part of the process, you’ve got to prepare by making sure all of your processes, data and processes are in writing. According to the magazine, “Not only do those reports then become a historical document for an organization’s administration to refer to in the future, they’re also proof that a provider has performed due diligence around responsibilities for storing confidential data.”
Follow up and engage often: Don’t just put a process in place, but follow up on it. Adjust the process as needed and address any potential red flags immediately. Not doing so is paramount to failure. Silence is consent and if you become aware of an issue that you don’t address essentially is guilt by association.
Check your progress: Take stock of your risk assessment on a regular basis, “especially after a change in technologies, administration, regulations, or business operations.”