Healthcare Information Security Today: 2015 Survey Results and Analysis

Healthcare organizations face the ongoing challenge of ensuring patient information is adequately protected. But as cyberthreats become more sophisticated, these organizations must go beyond complying with HIPAA regulations and develop comprehensive security risk management programs that effectively defend against these evolving threats. What are the key action items to improve health data security in 2015 and beyond?

In an overview of the Healthcare Information Security Today survey results, Marianne Kolbasuk McGee, executive editor at Information Security Media Group, covers a broad range of issues:

Top Perceived Cyberthreats

Considering the massive hacker attacks on Anthem Inc. and Premera, it’s not surprising that hackers are perceived as the top emerging threat for many entities. However, business associates with inadequate security, the growing use of mobile devices and mistakes by staff members also present big worries.

Breach Prevention and Detection

Top breach prevention strategies include stepping up training on privacy and security issues and implementing an audit tool to enhance detection of unauthorized access. But with more than half of survey respondents saying they had no breach during 2014, are entities getting better at breach prevention, or failing to detect breaches?

HIPAA Compliance Progress

The majority of respondents say they’re confident their organization would “pass” a HIPAA audit with only minimal non-compliance issues. But the survey also shows that many organizations are not taking basic security measures, so perhaps that confidence is unfounded.

Top Security Priorities and Investments

Top priorities for 2015 include improving regulatory compliance, boosting staff members’ security awareness and preventing and detecting breaches. Top planned investments are an audit tool or log management system, data loss prevention and intrusion/misuse detection.

Mitigating Risks

Lost or stolen devices are a leading culprit in major health data breaches, yet many organizations still don’t require encryption on all mobile devices. And usernames and passwords are still the dominant method for authenticating users with access to clinical data, with the use of more robust authentication still rare.

Following the survey overview, McGee convenes a discussion of the findings with a panel of experts.