July 15, 2016
The big buzzword in healthcare right now is security-how to get it, how to keep it, and how to apply it across all devices and access points. The expansion of healthcare technology, beautiful as it is, probably inspires new nightmares for healthcare security on a nightly basis, and implementing an appropriate BYOD (Bring Your Own Device) policy is one of the greatest challenges.
According to Forbes, over 112 million healthcare records were compromised within 2015 alone, and 90 percent of the top ten breaches were reportedly the result of hacking or IT incidents. While these cyberattacks may not have been directly related to BYOD or personal devices, the presence of less secure technology within the network can create gaps within the established healthcare security measures. An effective BYOD policy and appropriate internal network security measures can help prevent personal devices from becoming a weakness.
Of course, the easiest thing would be to ban personal devices altogether, but modern employers have found that to be impossible and many healthcare organizations have found that the mobile devices can be useful for doctors who are constantly on the go. However, the key to making those devices useful is ensuring that patient records are properly protected, and since healthcare data breaches have reportedly increased 138 percent or more since 2009, that task has undoubtedly kept many healthcare security professionals up at night.
Below are some steps that will help increase your practice's security and protect patient and practice confidentiality. Unbreachable security is a myth, but the right steps can at least urge cybercriminals to look the other way and take their business elsewhere.
Create layers. A secure network requires limited access to different levels of information. Not every member of your practice needs access to your Electronic Health Records (EHR) files. Not every member needs access to payment records. By limiting access to only those who need the information, you make it harder for hackers to infiltrate all your practice's information. Perhaps they get into the EHR, but you might be able to prevent them from getting into the payment records or insurance records, thereby limiting the amount of data they can steal. While certainly you want to prevent any and all access, sometimes it's about damage control.
Enforce encryption. According to Healthcare IT News, one of the biggest issues in healthcare security is a lack of enforcement of certain policies, namely encryption. While many can agree that encryption sounds like a good idea, not all have actually taken the steps to ensure information is appropriately encrypted and protected. "Healthcare organizations don't have the luxury of waiting while their employees gradually come around to grasping the importance of following encryption requirements," wrote Darren Leroux in the article mentioned above. For the sake of patient privacy, healthcare security needs to include a BYOD policy that requires encryption and ensures that steps are taken to prevent network and information access if compliance is not verified.
Consider Next Generation Firewall (NGFW). While it can be slightly more costly, a Next Generation Firewall can also ensure greater protection and more control over network access. A traditional firewall, while useful, offers limited control to users and generally offers less information about network traffic. The NGFW, on the other hand, would allow healthcare security personnel to monitor and control traffic much more effectively and on many different levels. While the specifics are laden with IT jargon, suffice it to say that traditional firewall acts more like a sieve, while the NGFW is more like airport security on steroids.
Ensuring the security of all devices on your network is challenging, and BYOD policies certainly offer extra complications, but healthcare security is attainable with the appropriate caution and enforcement.
More, it's about information. Even if you have a good policy and take the steps above, it is vital to inform all members of your practice or hospital about the dangers of cybercriminal infiltration and what steps they can take to help ensure security of patient information. With everyone on the team informed of BYOD and appropriate security policies, your practice would stand an even better chance of facing down hackers and staying out of 2016's breach statistic reports.
About the Author - Ashley Choate is a native of Jacksonville, FL where she lives with her son, dog, and three cats. She graduated Magna Cum Laude from Jacksonville University with a BA in English and holds an MAED in Adult Education and Training. She lives for reading and writing, learning and teaching, and figuring out the day-to-day traumas and joys of mommyhood.
Set up a Demo! Schedule a short demo to learn more about NTC Healthcare’s solutions and how they can benefit your practice. http://www.ntctexas.com/healthcare-solutions-demo