Why Computer Security in the Healthcare World is Important

Now that computers are a vital component of our everyday lives, it’s increasingly important that computer security is placed front and center on our list of priorities. In the healthcare world in particular, thoughts are often focused on saving someone’s life – not necessarily on securing access to interfaces and computer systems that store private data like medical records. Computer and IT security is a balancing act between controlling access to information and allowing free and easy access to those who need that information.

HIPAA and PHI
Data and Protected Health Information (PHI) security is more important than ever. In fact, just last month the FBI informed the healthcare industry that it was being targeted by hackers from abroad. Earlier in the year the FBI warned the healthcare industry that its systems were found to be laxer in comparison with other sectors. Healthcare data breaches have affected over 30 million patients, and that number continues to rise. Notably, data breaches cost the industry $5.6 billion each year and could put a small to medium-sized medical practice out of business.

It’s not possible to solve all of the computer and data security issues in the healthcare realm at once, but by raising awareness and forming stable habits, progress can be made.

Computer Security Month

Did you know that October is National Cyber Security Awareness Month? This is a great opportunity to set aside time to focus on securing your practice’s network and IT environment. The truth is, any day of the week or year will suffice for the purpose of reviewing computer security policies. Take the time at your organization to regularly review IT security policies, practices, and procedures to make sure they are current and being followed correctly by staff.

HIPAA Matters

As if your practice or organization needs further incentive, it’s good to know that there are a number of HIPAA standards that require you to periodically review your policies and procedures. Adopt this occasion to establish computer security awareness at your practice or organization. Work with staff and providers to review policies and procedures and keep everyone informed of the importance of computer security and their personal role in securing data. HIPAA breach violations could cost your agency up to $1.5 million per year!

Computer Security Checklist

Consider this checklist of items that your organization can utilize as a springboard to ensure your computers and IT systems are secure.

  • Work with your IT department or provider to refine this list and make sure it all gets completed.
  • Consider performing a HIPAA risk assessment.
  • Schedule a regular review of your policies and procedures, along with an annual HIPAA audit (HIPAA standards require this). Include internal and external penetration testing as part of that audit.
  • Take the time to change passwords that are employed on a regular basis. Consider keeping passwords in an encrypted password vault like Password Safe or KeePass. By using a password vault, it’s easier to generate 50+ character passwords and use them without having to memorize them.
  • Verify access to data backups. Every organization and individual should have a secure backup of their data. Review both your personal and your company’s backup policies and ensure that everything is getting backed up, encrypted, and stored securely, and that you can access these backups in a timely fashion. Nothing will cause more disruption to your operation than finding out that some hacker has deleted or corrupted business-critical data, and you don’t have a way to make it right quickly.
  • Verify there are physical safeguards on your IT assets. Examples include locked doors and signs warning of restricted areas; surveillance cameras and alarms; property control tags and engraving on equipment; identification badges for staff; and encrypted hard drives that contain PHI.
  • Complete a self-guided security risk assessment tool. There are many tools available to step you through a HIPAA risk assessment. HealthIT.gov has a tool that you can download to complete a Security Risk Assessment.

If you or your organization is interested in more information on IT Security Assessments and Audits, contact Afia today.
