It is time for medical practices to revamp their security model!
On Monday, Community Health Systems announced that an external group of hackers attacked its computer network and stole the non-medical data of 4.5 million patients. The news proves that you cannot turn a blind eye towards data breach. It has not stopped and this one is the second largest HIPAA security breach. Security breaches have affected more than 500 individuals. The security breaches till date, reported to the Secretary of Office of Civil Rights are listed in a detailed summary.
It’s time for a reality check!
The security of patient health information is a top priority for any healthcare service not only to be in compliance with HIPAA but also to assure that patients don’t switch services. The subcontractor who’s business associate of the hospital fails in some cases to ensure that the server which holds patients medical/non-medical data is secure.
What programs need to be conducted by top IT leaders to improve their security model?
Every business associate promises and serves its best to protect its data from all sorts of thefts. But is it right to pass the buck to the business associate or the subcontractor? Shouldn’t the hospitals keep track of updates with their associates from the day they sign the deal? The CIO, CISOs and CSOs of the organisation can learn and run the following programs to improve their security model:
- It’s time for the top security officials of an organisation to understand the various threats that have happened and the need for skilled and accomplished professionals to manage data security.
- The IT security officers should gain more expertise in dealing with risk management. Making the privacy policies tight can change the face of the security model of the organisation.
- The time has come for the doctors, payers and the vendor members to discuss together about their security breach experiences, which will help them come with a stronger security model.
- The members of healthcare organisations need to have a deep understanding of types of security and theft intelligence.
- The security force needs to be educated about the most penetrating threats and how they can protect any security breach.
The below link helps you report a security breach in a particular format http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
http://www.ihealthbeat.org/articles/2014/8/18/community-health-system-reports-breach-of-4m-patients-data
