Experience the Definitive Advantage
Start a free trial today and get access to the most comprehensive source of healthcare provider data on the market.
Our Provider Databases
There were more than 351 reported healthcare data breaches that impacted 500 or more individuals in 2018. These breaches exposed more than 13 million individual healthcare records. We’ve compiled a list of the top five ways you can protect your organization or care facility from data breaches and avoid cyberattacks.
HIPAA (Health Insurance Portability and Accountability Act), established in 1996, safeguards patient data privacy and security when collected and shared by medical professionals. It also reduces healthcare costs by standardizing how electronic medical records are transmitted. This legislation is becoming even more vital in light of the data breaches, cyberattacks, and ransomware attacks that have targeted care facilities and insurance providers.
To be considered HIPAA-compliant, software must include the following features:
Besides adhering to HIPAA security guidelines, software must also be accessible to staff and administrators using the technology installed in hospitals and other care facilities – which can be a difficult balance to strike.
Human error played a factor in more than 20 percent of data breaches according to a report from Verizon, with 34 percent of attacks involving actors inside the targeted organization. Ignorance of common phishing techniques can leave an organization at risk of malware introduction and other breaches. Through security trainings for users, organizations can reduce the effectiveness of these social engineering techniques and improve resistance to data breaches.
Some examples of best practices include:
Effective training can include refresher courses on how to appropriately handle patient data. If there are grey areas or common questions around HIPAA compliance guidelines, it would be beneficial to hold a booster training for staff members. Conducting an internal audit is also useful for keeping staff updated on the latest healthcare regulations, which are constantly shifting. If your organization is switching software vendors or installing a new system, that could be an ideal time to ensure data security compliance.
This may seem like common sense, but limiting data accessibility by role is one way to enhance overall security. If only essential personnel can access sensitive data – like complete patient histories, payments, etc. – that will reduce the risk of theft or accidental security breaches. If a breach does occur, the pool of responsible actors is also smaller, enabling the organization to identify exactly where the breach originated. This also requires user authentication, which bars those without credentials from accessing the system.
In addition to restricting access and requiring user authentication, IT experts recommend requiring password changes every 60 to 90 days to further reduce the risk of hacking. The best method, however, is two-factor authentication – which pairs a password with an additional verification method, such as thumbprint, security question, or a text.
Sensitive data should never be stored on personal devices, which can be easily stolen or hacked. Instead, sensitive data should be stored in secure on-site locations or on the cloud. If storing sensitive data on the cloud, your IT department will need to secure the endpoints of data access, encrypt data, and fully understand the shared responsibility model. Both of these methods allow users to access the data from workstations and remotely without sacrificing security. Some organizations even install “wiping” technology on user devices, which would eliminate sensitive data from user devices if they were lost or stolen.
Users accessing the system remotely should be able to do so in a secure fashion, generally through a virtual private network (VPN). A VPN creates a temporary link from the user’s device to the network, allowing for protected data retrieval and sharing. An organization’s IT department is responsible for upholding the integrity of the network through firewalls and antivirus solutions.
Looking for more information? Definitive Healthcare tracks healthcare IT news and intelligence as well as software installation data for more than 8,800 hospitals and IDNs. Sign up for your free trial today!
BLOG: Breaking Down The Healthcare Wearables Market
BLOG: Top 10 Ambulatory EHR Vendors by 2019 Market Share
INFOGRAPHIC: 4 Technologies Enabling the Outpatient Market
DEFINITIVE LIST: Hospitals with the Highest IT Operating Budget
WEBINAR: The New EHR is Here -- How to Capitalize on Emerging Technology Trends