Government & Policy

10 strategies for protecting patient data in 2015

By Rick Kam
January 13, 2015
08:17 AM

I recently looked up the origin of the word patient. According to one source, it “comes from the Latin ‘patiens,’ from ‘patior,’ to suffer or bear.” I found this definition disturbing, because I believe that most patients actively participate in their health care.

Patients have little or no control over the privacy of their data, however, that’s the provider’s job. That is a whole lot harder than it used to be, given the increase in PHI-related data security incidents.

Strategies for managing incident response have not kept pace with evolving threats and changing regulations, which puts patient data and health at even greater risk.

[Related: The scariest aspect of the Sony hack for healthcare.]

Here are 10 strategies for both covered entities and their business associates to safeguard patient information in 2015 and beyond:

1. Demand organizational leadership engagement. Workforce training and safeguards alone will not be effective. Organizational leadership must embrace and champion compliance as it would any other component of the organization’s value chain. Leadership must visibly and actively foster a culture of compliance throughout the organization by setting expectations and holding all workforce members accountable to the same standards

2. Make incident response management a priority. Organizations must make use of smart and purpose-built software automation for assessing incidents and managing incident response, to better mitigate risks to their patients, reputation, and bottom line.

3. Find and identify your data. Organizations need to know where their data lives, where it travels, and in what form (encrypted, identified, de-identified, etc.)

4. Control PHI workflow and minimize necessary workforce access. Organizations must find ways to better control PHI workflow within the organization, and movement outside the organization. This not only includes safeguarding it from impermissible uses and disclosures, but will also require integration of HIPAA with other health information protection activities to ensure a single point of control within the organization.

5. Assess risks. Organizations must have solid processes in place for assessing risk with new systems, devices, services and partners and determine how best to use their power as purchasers to weed out those that don’t meet best security practices.

6. Prioritize third-party vendor management. Organizations will need help with third-party vendor management to strengthen oversight and review processes. Note that smaller Business Associates are particularly vulnerable since they may not have as many resources to devote to security and compliance, and may be more likely to experience a data breach.

7. Get proactive. The healthcare industry needs to take a proactive stance when it comes to regulations to protect patient health information. Companies that go above and beyond baseline protection requirements will be seen as industry leaders, and patients will choose to use their services over others.

8. Make privacy an integral part of new technology adoption. The pace at which new technology is being introduced into the healthcare industry is increasing, with thousands of new health-related mobile applications available this year, devices such as Apple Watch, and the Internet of Things. But we have little evidence that patient privacy or security features are being considered. The healthcare industry and its technology service providers need to dramatically improve how they take advantage of existing technology as well as how they design, construct and deliver new tools.

9. Measure to improve. You can’t manage what you can’t measure. The healthcare industry needs to get better at determining key metrics to continuously measure and improve security postures.

10. Look for "non-standard" systems as potential PHI data stores. In particular, voicemail systems, customer service call recording systems, and closed-circuit television systems could all potentially be storing PHI, but may not be as carefully safeguarded as traditional IT systems such as EHRs and patient billing.

Rick Kam is president and co-founder of ID Experts and chair of the PHI Protection Network, which will host its third annual conference in February 2015. 

Related articles: 

Will 2015 be worst year yet for health data breaches?

Is 2015 the end of the road for meaningful use? 

The cybersecurity cold war is on

 

Topics: 
Government & Policy

More regional news

HIMSSCast logo

HIMSSCast: Caregiver input needed for allocation of investment dollars

By
Bill Siwicki
November 15, 2024
HHS Building

Trump picks RFK Jr. to lead HHS

By
Susan Morse
November 15, 2024
Sign outside FDA office

Lawmakers ask CDRH to revisit its CDS guidance

By
Andrea Fox
November 15, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

The Light Collective amplifies its call for patient data rights
Clinical IT leaders on meeting CMS' mandate for patient data access
Epic and Oracle Health sign on to Veteran Interoperability Pledge
Texas AG settles with clinical genAI company
Interoperability in healthcare moving forward despite challenges
What Loper Bright and the end of Chevron deference mean for HHS

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
Dr. Keisuke Nakagawa at UC Davis Health_Global Health Equity Week 2024
How artificial intelligence is changing the equation for SDOH integration
Andrea Hsu at National Science and Technology Council_HIMSS24 APAC
Fostering health IT innovation through academic-industrial collaborations
Valerie Rogers at HIMSS_Global Health Equity Week 2024
Technology and policy have a role to play in improving maternal health

More Stories

Mike Relli at Knight Consulting_Global Health Equity Week 2024
New approaches to improving healthcare access for justice-impacted individuals
HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable