IT Security Basics
We know that when it comes to IT security in the healthcare field there is a vast continuum from most to least secure. With different risk factors, budgets, needs and capabilities the IT security situation of each health care provider is unique. That said every provider needs to make sure that they’re at least taking the minimum steps in the immediate future to ensure that you’re not just a costly breach waiting to happen. There are two simple steps that you can take to establish a basic security level that will hopefully buy you time to address the rest of your IT security concerns.
Step 1. Encryption
According to Joy Pritts, Chief Privacy Officer at the Office of the National Coordinator for Health IT, the IT security breaches that have the largest impact are often due to lost or stolen devices. More than half of the major breaches since 2009 that have been reported to the HHS have been tied to lost or stolen devices, particularly laptops. According to Pritts “For those items, there’s a pretty simple solution: encrypt. Encryption methods are much more advanced than they were five years ago, and there really is not a good reason at this point”
Step 2. Internal Policies
One of the other steps that every healthcare provider needs to make sure they take is to implement internal policies and procedures to prevent unauthorized employees from viewing protected patient information. These policies need to be tailored to your unique situation but should be guided by the principle of only allowing those who need the information to do their jobs to view the information. If you do have an internal breach there need to be clear, planned, actions to address the situation.
If you haven’t ensured that these minimum steps have been taken you need to immediately. These are just minimum requirements to buy you time to properly address all of your IT security needs. If you have any questions about ensuring that your IT security needs are being met contact ITPAC today.