• Industry News
  • Law & Malpractice
  • Coding & Documentation
  • Practice Management
  • Finance
  • Technology
  • Patient Engagement & Communications
  • Billing & Collections
  • Staffing & Salary

Combat Data Breaches Using Training and Technology

Article

A data security expert urges healthcare organizations to give a sweeping look at data security, using training and technology.

Cybercrime is an enormous issue in the healthcare industry. Protected health information (PHI) can be very valuable and a breach of data can carry with it financial and reputational costs for both healthcare organization and patients. An annual threat report from Symantec, a security software company, found that healthcare data breaches increased 22 percent from 2015 to 2016

With the acceleration of data breaches and deployment of new technology in healthcare, practices of all sizes need to stay on top of data security. Physicians Practice recently spoke with Ermis Sfakiyanudis, the president and CEO of Trivalent, a data protection software company, to find out how practices can avoid future breaches.     

What is the biggest challenge healthcare organizations face when it comes to data security?

Ever since healthcare accepted mobility as part of its core offering, it's been tougher and tougher to get your arms around how data is being used and how it's being protected. The challenge that healthcare has is exacerbated by the fact that you're regulated and you have people's really personal, private information. Most healthcare organizations struggle with devices being brought in from the outside, information being taken outside the four walls of the practice or hospital. Home healthcare has increased that challenge. 

In healthcare, which is the larger liability, employees or technology?

It's really a combination of both. You want to enable your workforce to provide the best service to the patients as possible. Giving them devices that allow them to not be restricted to a desk, but to get out and be where the patients are is a big trend. The challenge is they have to store the data somewhere. The devices [they are using] can then be lost or stolen. You take a device that has patient records on it and it's stolen or left at a coffee shop, then you have [a] serious HIPAA violation.

Is it a lack of training that leads to data breaches occurring?

Training and awareness is a critical piece of the equation. Making sure your staff understand that the data they have belongs to someone else, and that it's important they safeguard that data with the same care that they would their own. There's a technical aspect of training that goes along with that. The employees [need to] understand where the devices should [and should not] be, how to take care of them, how to not leave them on when they are at a coffee shop, or leave them in the car when they are not there. Those are all best practices that employees should be trained on.

 What are your suggestions for healthcare organizations protecting their data?

There are all kinds of things [healthcare organizations] should be doing. Documenting who has devices, understanding which roles in the organization need what access to data, and employing technology that assumes devices will be stolen and breached. Healthcare organizations need to utilize technologies that change the property of the data so that it's unusable to an unauthorized user. Access control granted by role is common these days and should be part of your practice. This ensures that folks who need to have access to the data are allowed to have it, and folks that are not supposed to don't have the credentials to get to that data. For example, network administrators have access to the network at all times to keep it up and running, but they don't need access to the data itself.

Do you have personal experience with healthcare organization breaches?

Healthcare folks want to provide the best service to their patients, they will sometimes go outside of the policy to do that. Take things on a personal device or use text messages to transmit health information. We see a good bit of that, there's no ill intent, but they are not following the policy for the sake of expediency. That's where you're giving your folks the best technology to enable them to do their job, and providing strong training so they understand why the policies are in place.

What advice do you have to practices to ensure their data is protected?

Take a look at [data security] [comprehensively]. That's a challenge sometimes when you're looking at an organization. Make sure that you understand what your doctors are trying to accomplish in terms of services they are delivering to the patients and look at your technology as an enabler for that. When you look at your organization, say 'Ok are we going to be actually going out to the patient's sites? How much data are we collecting? Where does that data live?' Look at the organization from the top down and figure out the technology that best help you enable patient care. Then marry that with a training program that doesn't restrict that delivery of services, but actually enables and enhances it. 

 

Related Videos
MGMA comments on automation of prior authorizations
Erin Jospe, MD gives expert advice
A group of experts discuss eLearning
Three experts discuss eating disorders
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Matt Michaela gives expert advice
Matthew Michela gives expert advice
Matthew Michela gives expert advice
Related Content
cybersecurity | © kras99 - stock.adobe.com

How to prepare for and minimize the impact of cyberattacks

April 18th 2024
Article

With such a broad range of potential security weaknesses, organizations must take a layered approach to IT security.

Digital Marketing for Independent Practices

Digital Marketing for Independent Practices

October 25th 2021
Podcast

Physicians Practice® spoke with Rachael Sauceman, the head of strategic initiatives for Full Media—a digital marketing agency based in Chattanooga, Tennessee—about how practices can best market their services in the digital realm.

paper stack | © Elnur - stock.adobe.com

Automation's role in easing the burden of prior authorizations

April 9th 2024
Article

It’s clear the state of PA must change. Artificial intelligence has a role in streamlining administrative tasks.

The Virtual Waiting Room

The Virtual Waiting Room

October 11th 2021
Podcast

Physicians Practice® spoke with Hari Prasad, CEO of Yosi Health, about how what practices need to know about setting up and making the most of their virtual waiting rooms.

AI talk robot | © Limitless Visions - stock.adobe.com

Improving physicians' people skills with AI

April 1st 2024
Article

AI can help physicians refine their people skills to improve care

phone call | © Pixel-Shot - stock.adobe.com

Alleviating call volume for physician practices

March 27th 2024
Article

The days of “bad ‘bots” are behind us so put smart virtual assistants to work in your practice to reduce call volume, deliver self-service options to patients and improve operational efficiency.

© 2024 MJH Life Sciences

All rights reserved.