The following is a guest blog post by Scott Ruthe, Chief Information Security Officer at Ciox.
Major, well-publicized data breaches in a variety of industries have brought focus to the undeniable importance of data security. Nowhere is the need for better security practices more prevalent than in health care. In an industry where the information stored and transmitted is personal, practices have changed very little in the last 20 years and the implementation of technology is lagging.
More than ever before, our health data is being shared. Connected. Studied. Aggregated. And as more health care companies, universities and scientists, insurers and health data analysts gather our data in sets and store them in the cloud, our need for best practices in data security only increase. Here are three important tips for achieving better data security in health care:
- Start with the basics of data security hygiene
Luckily, 80 percent of breaches can be avoided with basic measures of data security – simple security actions and audits that every health care company can do to greatly reduce its likelihood of a data breach. From updating patches on-time to limiting the number of users in the environment with administrative access, fulfilling the basic expectations of data security can prevent four of every five data breaches from ever occurring.
- Validate your vendors
Companies should take a sharper look at the vendors they are choosing. While organizations increasingly entrust their data security to cloud service vendors, opting for a cloud-based model does not alleviate the responsibility of data security from the originating health care company. As such, choosing the right vendors is a critical part of the data security mix – perhaps the biggest issue across industries.
One of the most effective methods of health care data security is to review the vendor’s third-party audits, preferably a HITRUST CSF or a SOC2. Both audits provide a common, standardized report for companies working with and sharing health data.
Health care companies often have limited insight into what their vendors are doing from a security perspective and have even less visibility into the security practices of a vendor’s list of subcontractors. With a HITRUST CSF or a SOC2, the vendor’s security practices are assessed and ensured all the way down the security rabbit hole. If a vendor does not have a third-party validation, such as HITRUST or SOC2, then the health care company should consider a validated alternative.
- When it comes to IT staff, train and retain
At the same time, health care organizations themselves must manage their data well, which makes the effort to hire, train and retain quality IT staff especially critical. Developers and network engineers are an important part of the team in the digital era, as data analytics and governance are growing. There are so many technologies that stack on top of one another, and so many changes that happen quickly. It is far more expensive to be left behind or to replace outdated technology and people, than to keep and retain an up-to-date environment.
Critical data demands better security
The health care industry is poised for a data revolution. The countless terabytes of health care data generated, accumulated and transmitted between parties contain critical information: the population health data sought by government and life sciences organizations, the risk adjustment information needed by insurers, the clues about effective and under-publicized treatments for providers, and the knowledge needed to drive better health outcomes for patients.
With the capabilities that will define the next generation of health care comes a risk of increased vulnerability to data breaches. Therefore, it is imperative that we set in place data security practices that honor our regulatory expectations and our best efforts to protect sensitive information. For those companies that get it right, the future looks very bright.
Ciox, a health technology company and proud sponsor of Healthcare IT Today, is dedicated to significantly improving U.S. health outcomes by transforming clinical data into actionable insights. Combined with an unmatched network offering ubiquitous access to healthcare data, Ciox’s expertise, relationships, technology and scale allow for the extraction of insights from structured and unstructured clinical data to create value for healthcare stakeholders. Through its HealthSource technology platform, which includes solutions for data acquisition, release of information, clinical coding, data abstraction, and analytics, Ciox helps clients securely and consistently solve the last mile challenges in clinical interoperability. Ciox improves data management and sharing by modernizing workflows and increasing the accuracy and flow of information, while providing transparency across the healthcare ecosystem and helping clients manage disparate medical records. Learn more at www.ciox.com.