Healthcare: Prevent insider threats

Healthcare is the only industry where insider threats pose the greatest threat to sensitive data, with 58 percent of security incidents coming from people working within the organization itself. Here’s a look at five ways to prevent such breaches.

#1 Educate - The workforce (meaning all healthcare employees) must be educated on allowable uses and disclosures of protected health information (PHI) and the risk associated with certain behaviors, patient privacy, and data security. For example, when a celebrity is admitted to hospital, employees may be tempted, just out of curiosity, to sneak a look at their medical records, so this must be emphasized as a definite no-no.

#2 Deter - Policies must be developed to reduce risk and those policies must be strictly enforced. The repercussions of HIPAA violations and privacy breaches should be clearly explained to employees. They can be penalized huge amounts of money and violations can also carry criminal charges that can result in jail time.

#3 Detect - Healthcare organizations should implement technology to identify breaches rapidly and user-access logs should be checked regularly. Organizations need to have a strong audit process and ensure that they are regularly monitoring and updating access controls so only authorized personnel are looking at sensitive patient data, and that attempts by unauthorized personnel don’t go unpunished.

#4 Investigate - When potential privacy and security breaches are detected, they must be investigated promptly to limit the damages. When the cause of the breach is identified, steps should be taken to prevent recurrence.

#5 Train - Healthcare employees must undergo regular comprehensive training so employers can eliminate insider threats. From a privacy standpoint, training and education often start with the employees themselves; they learn all about data privacy right off the bat, from the first day of orientation. Still, organizations must remain vigilant and ensure that they are properly prioritizing privacy and security as cybersecurity threats continue to evolve. Healthcare organizations’ IT departments should send out different tips covering a variety of topics regularly throughout the year. And to keep these tips top-of-mind among employees, IT departments should send them via a variety of media, including emails, printed newsletters, and even memos.

Is your healthcare data secure? What other steps can you take to ensure protection for your healthcare provider from insider threats? Call today for a quick chat with one of our experts for more information.

Published with permission from TechAdvisory.org. Source.

Shawn Meyer

Shawn Meyer

Shawn has over 20 years experience in utilizing various technologies for implementation, management, and administration of Fortune 100 Enterprise Level distributed environments. As part of the management team, Shawn oversees Enterprise IT and Consulting engagements for RJ2 Technologies’s clients. Prior to RJ2 Technologies, Shawn was the regional IT manager for a large entertainment corporation and was recognized for his change management leadership during a complex system-wide conversion to digital media. In addition, Shawn has worked with various clients throughout the Chicagoland area. Shawn enjoys spending time with his wife and three energetic kids and volunteers for a variety of nonprofit organizations in the Chicagoland area.