The past couple of years have been brutal on healthcare IT departments. Breach after breach has put patients — many already struggling with serious health and financial problems — in jeopardy, while making it look like healthcare providers were negligent in their duties. Big data related to health records is climbing in value, while the black market prices for other types of consumer data (like credit card numbers) is falling. This motivates hackers to target healthcare organizations, and they generally are less hindered, due to the outdated nature of many healthcare IT systems and the less-rigid IT security policies. How can your hospital or other healthcare practice stay out of the hackers’ crosshairs?
1. HIPAA Compliance Isn’t All There Is
Sometimes, it isn’t the hospital that gets breached; it’s a partner that handles their big data. HIPAA regulations apply to covered entities, which are usually defined as hospitals, doctors’ offices and clinics, and health insurance providers. But HIPAA can also be applied to business associates of these organizations. Any health plan, clearinghouse, or service provider for hospitals and health organizations is also subject to HIPAA compliance. Make sure any vendors you utilize are aware of this and are in compliance.
2. It’s Time to Make Tech Budgeting a Priority
Hospitals and health clinics are generally among the most forward-thinking when it comes to adopting technologies directly related to patient care (such as next-generation pacemakers and blue-violet LED lighting), but less on the ball when it comes to upgrading the technologies used behind the counters. Healthcare facilities are often stuck using antiquated systems that simply lack today’s stringent security measures. Older medical practice management software was developed before today’s hacking techniques, so these systems are subject to vulnerabilities that are addressed by more modern software. If your system is more of a geriatric patient than a pediatric patient, it probably needs to be replaced. Plus, many of the newer systems feature big data capabilities that allow you to capitalize on better diagnostic techniques and reduce readmit rates, among various other advantages.
3. Invest in Modern Security Precautions
In addition to the latest medical practice management software, hospitals and other healthcare practices need to invest in modern security solutions. This means encryption for data at rest and data in transit. It also means security monitoring at the data, application, device, and user levels. Monitoring tools use big data and analytics to identify suspicious activities in the system that could indicate a security breach. Security monitoring does not replace antivirus software, next-generation firewalls, and other security protocols, but it supplements those to assure that any intrusion that does make it through your first layer of protection is quickly identified and stopped once in your systems. If you read the reports of most of the recent hospital breaches (as well as data breaches in other industries), you’ll notice that many of the breaches occurred over long periods of time. Intruders were in the system for weeks, or perhaps months, before being discovered. With more modern security tools, you’ll be able to identify and shut down intrusions quickly and with skill — before intruders have made off with hundreds or thousands of your patient records.
4. Get Employee Training
The best monitoring solution in the world isn’t as good as a well-trained, highly alert staff. If they know how to stay away from dangerous habits like opening suspicious emails or randomly surfing the Web, and know how to identify potential phishing and other scams, this does more than many monitoring tools and solutions. Make sure your workers are trained on safe internet and email habits.
Healthcare IT security is just one arena in which big data is making a tremendous impact. Learn more about healthcare business intelligence as well as the trends and technologies behind big data by following us on Twitter.