Patient data has been put at risk over the last few years. A potent combination of determined cybercriminal attacks and negligence has repeatedly exposed sensitive health information.
When the Ponemon Institute surveyed healthcare organizations last year, it found that nearly 90 percent had experienced a data breach in the past two years, and a shocking 45 percent had suffered more than five data breaches in that same two-year period.
Despite these striking totals, many healthcare organizations are still falling short in their efforts to protect Patient health information properly. A midyear report from Protenus reveals that there have been 233 breach incidents in 2017, affecting 3.1 million patient records. That puts the industry on course to exceed last year’s record of 450 breaches.
Healthcare organizations can and should do better. Here are three critical challenges that must be overcome if protection of ePHI is to meet everyone’s expectations.
Improve visibility and management Enabling the sharing of patient health information digitally enables the delivery of better quality healthcare, but it creates a major challenge for any organization accessing and securing information from a patient. Compliance with HIPAA is vital, but that doesn’t just mean protecting data when it’s under an organizations roof; it also must understand and manage the risk as PHI moves to external business associates and vendors.
The average cost of healthcare organization data breaches was $2.2 million for the direct target of the breach and more than $1 million for their business associates, according to the Ponemon Institute. Any defense is only as strong as its weakest link, so risk assessments and security solutions must stretch beyond an organization’s premises. There's a palpable need to secure and protect patient health information, as it moves within the organization, or across organizations between covered entities and business associates and vendors.
Eliminate fragmentation and siloed security As enterprises adopt a hybrid approach and migrate their on-premise infrastructure to the cloud, the specter of shadow IT must be dealt with. Too many healthcare organizations don’t understand what cloud services and applications are being used. The average healthcare organization uses 928 cloud services and uploads 6.8 terabytes every month, according to a SkyHigh report.
One thought on “3 critical steps to better protect patient health information”
“Compliance with HIPAA is vital” – excellent point! Great subject and it’s necessary to raise the awareness of software developers and owners about this. For those who want to learn more about a topic, here is a deeper guide on HIPAA-compliancy – http://bit.ly/2jkeV8Q