Putting security first: the right priorities for real protection

Too many healthcare IT organizations make excuses for their failure to build a strong risk reduction program
By Kurt Hagerman
January 27, 2015
03:02 PM

Perimeter defense

Perimeter security plays an important role in ensuring the security of your information.  DoS/DDoS mitigation helps ensure the availability of PHI. IP reputation management blocks known bad IPs at the edge of the network before connection requests get to your server/applications.

Web application firewalls are also valuable as they protect websites and applications against attacks such as SQL injection, cross-site scripting (XSS), URL parameter tampering, session-hijacking and other application-layer attacks.

These controls are especially helpful for healthcare IT for a reason. They permit legitimate transactions while preventing attacks from impacting performance. They help protect the speed, uptime and data availability that can impact patient outcomes.

In the end, there’s simply not an easy button for healthcare IT security. All of these controls require effort, diligence and skill. But they do safeguard data – and doing this security work will cover much of the compliance work you would have to do anyhow. By focusing on security first, you build a shield of protection that safeguards data and satisfies the core of HIPAA compliance.

2. There’s an entry price for healthcare IT.

During the course of a typical security discussion, people complain that they can’t afford another server or that encryption is too expensive. If that sounds familiar, here’s the straight talk: you can’t afford not to invest in these things.

Consider the alternatives, after all. Just one breach can mean any or all of:

·      Lawsuits

·      Penalties

·      Massive costs of complying with Breach Notification laws

·      Investigation costs

·      HIPAA fines

·      Brand damage

A severe attack can put you out of business. Studying the list above, security is absolutely the more affordable path. Every organization needs to realize, up front, that there’s a minimum cost to participate in healthcare IT.

The franchise plan

Consider it akin to buying a franchise. You can’t start your own version of a fast food restaurant chain. You need to pay the franchise fee and then build a restaurant according to their blueprints and guidelines. The headquarters will also vet your balance sheet and assets to make sure you’re financially capable of building an appropriate franchise to ensure that your efforts don’t reflect badly on them.

A healthcare organization is no different. While hospitals, clinics, insurers and other entities may technically function as separate businesses, all of them are beholden to certain regulatory laws. Organizations that claim they “can’t afford” real security are eventually going to pay a much higher price in the form of a breach. There simply is no escaping the entry price of healthcare IT.

Finally, remember that the heart of compliance and security is protecting other people’s privacy. Treat PHI as if it were your medical records at stake and build the risk management program your data deserves. Your organization will be that much closer to HIPAA compliance – and you’ll also enjoy a stronger, higher-performing environment.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Atrium Health responds to new social engineering attack
Vendor Notebook: New cybersecurity and EHR performance upgrades 
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

More Stories

HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable