Healthcare organizations that rely on their CSO (Chief Security Officer) alone to handle cybersecurity always annoy me. Cybersecurity requires everyone at the organization to be involved in the effort. One person can have a large influence, but your healthcare organization will never be secure if you don’t have everyone doing their best to keep it secure.
A great example of a group that’s often forgotten in healthcare cybersecurity efforts is HIM professionals. Organizations that forget them do so at their own peril. If you’re not involving your HIM professionals in your cybersecurity efforts, I exhort you to do so today.
One of the best reasons to involve HIM professionals in your security efforts is that they’re often experts on the patchwork of healthcare privacy and security laws. It’s not enough to just ensure you’re being HIPAA compliant. That’s essential, but not sufficient.
Healthcare privacy and security are so important that there are multiple layers of laws trying to protect your health information. Or maybe the laws just aren’t well planned and that’s why we have so many. I’ll let you decide. Either way, in your privacy and security efforts you’re going to need to know HIPAA, HITECH, MACRA, and of course don’t forget the state-specific privacy and security laws. No doubt there are more, and your HIM professionals are likely some of the people in your organization who know these laws the best.
Beyond the fact that HIM professionals know the privacy and security laws, HIM professionals are usually well versed in ensuring the right access to the right information in your system. One of the biggest forms of breach is the internal breach by people who were given the wrong permissions on your IT systems.
Making sure someone is auditing and monitoring these permissions is a very important part of your cybersecurity efforts. Also, don’t forget to have a solid process for removing users when they leave your organization. Those zombie user accounts are a ticking time bomb in your security efforts. When your employees verify with HIM that their records are in order before they leave, that might be a good time to remove their access.
Another place HIM professionals can help with healthcare cybersecurity efforts is around information governance. More specifically, HIM can help you properly manage your health data and legacy systems. HIM can ensure that your legacy systems are properly managed until their end of life. No doubt this will be done in tandem with your IT professionals who have to keep these legacy systems secure (not always an easy task). However, an HIM professional can assist with your information governance efforts that impact cybersecurity.
In what other ways can HIM be involved in healthcare cybersecurity?
Cybersecurity is always going to be a team effort. That’s why it’s shocking to me when healthcare organizations don’t involve every part of their team. HIM professionals should step up and make the case for why they should be involved in healthcare’s cybersecurity efforts. However, when they don’t, a great leader will make sure HIM is involved just the same.