An Inside Job
Medical identity theft is most often committed by insiders at healthcare facilities viewing or taking confidential files. However, even well-intentioned individuals can be at fault. For example, they might send files with patient health information to an unsecured email account or inadvertently send sensitive documents to external recipients. These actions expose healthcare facilities to risk.
For many healthcare organizations, the problem is not so much lack of awareness around security issues, but determining how to provide end-to-end protection for mobile environments. Protecting data on a mobile infrastructure requires security that considers all devices and pathways that are used to store, transfer, and access information. In other words, end-to-end protection requires a comprehensive system of practices, policies, and solutions designed to protect data at rest and in motion.
Data loss prevention solutions can monitor how users are interacting with data and safeguard against unauthorized transmission of sensitive information, mitigate risk of disclosure, and combat medical identity theft:
Content inspection appliances monitor transmission of confidential data over the Internet, including email (SMTP), Web (HTTP), Secure Web (HTTPS), and File Transfer Protocol (FTP). Communications with online apps such as email, social networks, and blogs are inspected for sensitive data, and transmissions are blocked if necessary.
Encryption secures data on laptops, desktops, removable media, and physical and wireless ports on PCs. If a mobile device is lost or stolen, some devices can be remotely locked down or disabled, and users can even wipe a device's memory remotely.
Enhanced user authentication technologies such as biometrics, proximity cards, and smart cards can also play a role in preventing data loss.
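As an added illustration of the content-inspection step described above (not code from any product or from this page's author), the following Python sketch scans an outbound message body for PHI-like markers and blocks it only when an external recipient is present. The mail domain, the detector patterns and the sample messages are all constructed assumptions; a real DLP engine applies far richer policies.

```python
"""Minimal outbound-email DLP content inspector (added example, not a vendor's code)."""
import re
from dataclasses import dataclass, field

INTERNAL_DOMAINS = {"clinic.example"}  # assumed: the facility's own mail domain

# Constructed, deliberately simple PHI detectors for SSN, medical record number and DOB.
PATTERNS = {
    "ssn": re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"),
    "mrn": re.compile(r"\bMRN[:#]?\s*\d{6,10}\b", re.IGNORECASE),
    "dob": re.compile(r"\b(?:DOB|date of birth)[:\s]+\d{1,2}/\d{1,2}/\d{4}\b", re.IGNORECASE),
}

def _plausible_ssn(match):
    """Reject number shapes the SSA never issues (cuts false positives on test data)."""
    area, group, serial = match.groups()
    return not (area in ("000", "666") or area >= "900" or group == "00" or serial == "0000")

@dataclass
class Verdict:
    action: str                                   # "allow" or "block"
    categories: list = field(default_factory=list)  # PHI categories found in the body
    external: list = field(default_factory=list)    # recipients outside the facility

def inspect(recipients, body):
    """Classify one outbound message: PHI may travel internally, never to external recipients."""
    found = []
    for name, pattern in PATTERNS.items():
        for match in pattern.finditer(body):
            if name != "ssn" or _plausible_ssn(match):
                found.append(name)
                break
    external = [r for r in recipients if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    action = "block" if found and external else "allow"
    return Verdict(action, sorted(set(found)), external)

if __name__ == "__main__":
    # Constructed sample messages: internal hand-off, accidental external forward, benign chatter.
    samples = [
        (["billing@clinic.example"], "Patient MRN: 00123456 DOB: 04/12/1950 ready for coding."),
        (["friend@webmail.example"], "FYI MRN# 00123456, SSN 123-45-6789, see attached chart."),
        (["vendor@outside.example"], "Lunch at noon? The form uses SSN 000-12-3456 as a sample."),
    ]
    for rcpts, text in samples:
        v = inspect(rcpts, text)
        print(f"{v.action:5} categories={v.categories} external={v.external}")
```

Blocking on category plus external recipient, rather than on category alone, keeps legitimate internal hand-offs flowing while stopping the "wrong recipient" mistake the text describes.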
Guard Against Data Loss
Nurse call systems let older patients and residents of long-term care facilities lead more independent lives while keeping members of the medical team close at hand to help in an emergency. Some systems include active RFID pendants or patient wristbands with wireless nurse call functionality and real-time locating system (RTLS) capability. These systems identify the precise location of the patient and find the nearest qualified medical staff member, reducing response time.
By integrating communications like wireless phones, pagers, and other end points, nurse call solutions ease collaboration among mobile caregivers, and the hospital staff is able to respond quickly and more effectively.
Benefits on Many Levels
To help healthcare organizations follow HITECH guidance on protecting data moving over wired and wireless networks, email encryption and network file share encryption secure data in motion.
File share encryption automates file encryption and controls access to sensitive files—stopping external threats and internal leaks. Files remain encrypted on servers, across networks, and when stored on devices until authorized users open them.
Ambulatory healthcare facilities handle a large amount of sensitive information in digital form, so you too must guard against accidental data loss and security breaches.
The good news is that host-based and network-based data loss prevention solutions can help maintain data integrity and control for healthcare organizations of any size.
Your patients aren't the only ones who need preventative care; an effective way to assess your compliance level is to physically follow the path of a medical record from patient registration through discharge. The following questions can help you learn where you stand:
- Is employee computer access limited by job description?
- Are information system security and privacy tools, such as password changes and login timeouts, fully utilized?
- Do all new hires receive HIPAA training? Is it documented?
- Are all providers with access to protected health information required to sign a confidentiality agreement that includes individual accountability?
- Do you maintain and review audit trails of patient record access?
- Have your HIPAA policies and procedures been reviewed, and has compliance with them been monitored?
- Is verbal proof of identity required from callers before protected information is provided?
- Do you have a program to spot the warning signs of identity theft (FTC's Red Flag Rule)?
- Can you provide patients with an audit trail of all disclosures of their protected health information made through an electronic record?
- Do you have a policy for breach notification?
Help Is Only a Phone Call Away
Connection can assess your situation and offer privacy and security solutions both you and your patients can trust. We offer Internet and Intranet Security Assessments, penetration and vulnerability testing, as well as VPN and Wireless Assessment Services. Once security issues are uncovered, we can provide hardware, software, and remediation plans.
To learn more, complete our Information Request Form or contact an Account Executive at 1-800-369-1047.