When you have a patient give you their personal information, you are being handed over something valuable. Not only are you now in control of their personal data, but you are also in control of their trust. Any healthcare facility should pride itself on being worth that exhibit of faith. Here are eight steps that you can follow to keep their data secure and your patients happy.
1. Treat all data as an asset.
Nowadays almost everything is hosted in the digital world. From hospital records to personal credit reports, we are now more vulnerable than ever to cyber threats. Understanding that your patients’ information is valuable, and vulnerable, is the first step you should take toward protecting it.
2. Follow strict encryption policies.
One of the most common routes that data breaches follow involves lost, or stolen, company technology. Much like you will see in James Bond, laptops and flash drives can be stolen and profited upon. Knowing this, you should make sure to always encrypt your practice’s devices. There are several encryption services available that are well worth their price, if only for your peace of mind.
3. Keep flash drives out of the office.
USB flash drives are one of the most common ways to transfer data in the world today. They are quick and easy to use. Simply plug them in, download the information, and leave. Our suggestion is to keep them entirely out of your facilities for just those reasons. You do not want your data to be vulnerable to such a small and easy-to-conceal piece of technology.
4. Perform evaluations on authorized users.
Before giving an employee access to any sensitive documents you need to make sure that they are trustworthy. By going through a strict background check you can weed out possible issues before they occur. Even past the background check, you would do well to randomly perform audits to see what employees have been accessing while at work. This is a simple yet effective way to keep people honest.
5. Establish a protocol for passwords.
As hackers learn new techniques to brute force their way through password fields, hospitals have to respond in kind. Developing a strong password system for all of your authorized users can be a great way to stay ahead of the curve. Use symbols, numbers, and other odd combinations. Implement a cycle that requires users to change their passwords every month or two.
6. Back up your data and then encrypt it!
We have all been on the precipice of losing the data on our hard-drive at some point. Whether the problem was due to computer failure or a security breach, the outcome is the same: disaster. Make routine backup copies of all pertinent data. After the backups are made you should then encrypt them and put them into storage. Once the company no longer needs the data, these backups should be destroyed.
7. Stay up to date on security patches.
One of the simplest ways to find yourself vulnerable is by being lax in regards to patching software. Many developers have to continually patch their releases to keep them safe and ahead of possible security threats. Run a scan to ensure that all of your software is up to date.
8. Have a response team ready for any issues.
When a security breach does occur, if it ever occurs, you will want level-headed people in the room with you. Having a response team picked out ahead of time, available 24/7/365 will mean you have prepared, reliable, and steady people ready to fix things at a moment’s notice.
Steven Saslow
As the Vice President of the Information Technology Group (http://www.itgct.com/), Steven believes that customer satisfaction in IT is ultimately created through proper engineering. He is passionate about helping organizations troubleshoot and discover the technology they need to reach their goals. See more IT tips for healthcare on the ITG blog (http://www.itgct.com/information-technology-blog) and on Twitter, @ITGCT.
P
