Visitor Pass Solutions
Login My Cart 1-800-243-1969

About this blog

We write articles mainly about visitor management, which helps you to know who is (or has been) in your facility. It is just part of an organization’s physical security processes that protect people and property within and around a building or campus.

Subscribe

Do you want our latest tips for managing visitors sent to your inbox? Please enter your email address below and click submit.

Categories

Search

Meet the bloggers

Paul Kazlauskas About me › My posts ›

Andrew Jones About me › My posts ›

Josette Lumbruno About me › My posts ›

Blog

"Bring Your Own Device" is a data nightmare for Healthcare Facilities

by Paul Kazlauskas

“Bring Your Own Device” is a data nightmare for Healthcare Facilities

The healthcare industry has experienced more data breaches than any other industry segment of the last five years. The reasons are mainly two-fold, and both are only rising in significance.

First, private health information is some of the most valuable personal data there is on the black market (50 times more valuable than credit card info). A patient’s healthcare record is complete and total. There aren’t any missing pieces of information or the need for hackers to go somewhere else to find a pertinent detail or two.

Second, the healthcare workforce relies on mobile technology and the cloud. Institutions should recognize that they need to protect the data that is on devices AND data that is being transmitted to other places around the world. Healthcare workers that deal with private health information need to be educated on the challenges of data protection, especially actions to avoid.

The high value of patient health information, combined with the use of mobile technology, is a recipe for trouble. Once you add in the fact that many healthcare professionals are bringing their own devices to work (“BYOD”), the security of patient data becomes even more perilous, due to the inexperience of those healthcare workers with data security.

medical data breach of patient health information

Here are some tips to help healthcare facilities be vigilant with data security to protect the extremely valuable patient health information:

  • Conduct periodic reviews of where data lives. It is critical that hospitals know where their data lives — just as they would conduct an inventory of surgical instruments — to get a handle on what data is being stored and where.
  • Purge data after the required timeline expires. A hospital's patient data has an initial asset value, but over time the value decreases. When that data is stored past the required timeline of seven years, it turns into more of a liability than an asset.
  • Implement a strategy that accounts for multiple technologies -- because things change. Since mobile technology is evolving at such a rapid pace, it will be important for organizations to monitor what operating systems employees are using, what updates and security patches are available, and what new tools are emerging to decrease risks.
  • Ensure employees are abiding by the standard security settings of their devices. Some security practices should be non-negotiable, regardless of whether or not an organization allows BYOD. These include such things as:
    • Passwords
    • Firewalls
    • Anti-virus programs

Depending on the type of information, encryption could also be a necessary component. It may be wise to equip mobile devices with remote-wipe applications, so that data can be easily erased if the device was stolen.

  • Help employees understand and comply with healthcare facility data security policies. This is imperative with "bring your own device," because even if employees are using their own devices, they will still have to employ basic security features as a requirement of accessing company information. User training is imperative. So is on-site technical support should any questions arise.
  • In-house technology should supplement employee education. Although hospitals can train and educate employees on security policies, they should still implement necessary technology to detect security breaches or mistakes. People are humans, not machines. Mistakes can easily be made because employees are focusing on their immediate task at hand, not particularly focusing on the security of the data they are working with.
  • Continue to reassess how BYOD is working. Hospitals should keep in mind that data security policies are ones with almost continual consequences in terms of risk. It will be important to monitor the time, money, and resources that are devoted to maintaining BYOD data security. If the cost to mitigate the risks outweigh the benefits, it may be time for a change to policy.
  • Communicate with those in your professional network and learn from what they do. If your healthcare facility is struggling with data security inexperience, the knowledge to do better doesn’t have to come from a high-priced consultant or a software company. Tap into your local network of other hospitals to understand what they did and what they learned. Ask for advice on certain data security situations and read white papers from trusted sources. For specific advice, consult a healthcare I.T. professional. Here is a list of national resources that you can review.

How is your healthcare facility being vigilant with data security to protect extremely valuable patient health information? Please add your thoughts in the "Comments" section below.

Want the latest, best security practices delivered straight to your inbox? Enter your email address in the "Subscribe" area (on the left side navigation).

Download Free Whitepaper ›  
Our exclusive "Guide to Choosing a Visitor Management System"


Follow us on Social Media for more security content.

      

Posted on 7/14/2017

facebooktwitterLinkedInStumbleUpon


Comments:


Name: * for display purposes
Email: * will not be shown
Comment: *
 * Please enter the numbers and/or letters shown below: