Most IT professionals can tell you that even with a data recovery plan in place, secure firewall systems and password-protected databases stored remotely, there is still a chance that a small data breach can occur. The Hospice of North Idaho (HONI), a home for the elderly, failed to run a routine security analysis and was charged by the Office of Civil Rights (OCR) for allowing a small breach that released the private information of 441 patients at the facility.
According to Lexology.com, the breach was small but the fine was $50,000. Rick Kam, President and co-founder of ID Experts, says 2013 will mark the year of security breaches in the healthcare industry. A recent survey by the Ponemon Institute says 94 percent of the healthcare industry experienced data breaches of varying levels in 2012. The Ponemon Institute attributes this alarming figure to the lack of resources and budget in the IT sectors of most of the healthcare industry. There are cost-efficient solutions that can benefit industries that experience financial setbacks every year due to security breaches:
Many daily operations in a hospital or clinician's office are managed by a Windows OS (operating system). A VPS (virtual private server) is similar to a cloud backup system, except that on a VPS the IT manager has full configuration, customization and administrative control, as if using a dedicated server that is fully run by the IT department with support offered by the hosting company. A cloud hosting provider, by contrast, might not allow a user to customize their control panel or even offer a customizable database. The IT department needs to fully understand the level of security its Windows VPS servers are able to offer and what they are not able to do.
Create a BYOD Policy and Stick to It
Many companies create BYOD (bring your own device) policies, but very few are able to enforce these policies among their employees, which is what brought on the data breach for HONI. One of its employee laptops was stolen and the database was hacked. The Ponemon Institute recommends that health professionals have limited access to company information through their devices, including those that connect to public health information, and that they be required to read and sign an acceptable use policy prior to connecting to the internal database.
Perform Random Auto Backups
David Houlding, a healthcare IT professional at Intel, says there are many breaches that occur during server backups. Having a reliable virtual server you can control, and increasing the encryption of files as they are being backed up to the server, can prevent these kinds of breaches as they happen.
Though Houlding says mobile devices are the largest cause of security breaches in the healthcare industry, he does acknowledge, as does Kam, that having a plan tested and put into practice is far more important than pointing fingers and trying to assess which area is more to blame for security breaches in the healthcare industry.