Tuesday, April 14, 2015 by Paul Kazlauskas
Keeping a healthcare facility secure is a very difficult, multi-faceted job. Security directors not only have to worry about physical security, they also have to be aware of network security and all the risks that are associated with that. Possible daily concerns include everything from staff-related issues to identifying & tracking visitors to the complications of new technologies. Here are the 4 most common security issues faced by security directors at healthcare facilities…
1) New security technologies. The popularity of smartphones and tablets in healthcare facilities has challenged security directors and their staff to keep current with their security policies. Bringing in your own device (BYOD) for work is becoming more and more common. New types of portable devices need to be understood and those devices need to be made secure. Staff need user training on how best to use portable devices so as not to compromise any patient data or the network of the healthcare facility. Some strategies include restricting access to protected health information, data wiping programs, remote access that provides multiple authorization factors, and limiting outside vendor access to the network.
2) Planning for unfortunate events. Having a plan in place for any number of adverse events is critical for security directors because once something bad happens, there isn’t any time to figure out what to do. There is only time to react and address the issue. The plans must already be set as there is only time to execute them in a crisis. Brainstorming a complete response to a particular event should be done ahead of time. Communication concerns should be addressed as well. Having a plan in place to address any number of issues is key to having a secure facility. Preparation and drills are the activities security directors should focus on. Preparing for adverse events is a long-term and essential project that requires a lot of planning and effective time management.
3) Training of staff. Having high quality training on security policies and processes is significant. Following up and testing associates to make sure that training sticks is the difference between a good security team and a great security team. The follow up is especially critical as new security technologies continue to change the security game. Associates should be encouraged to ask questions on policies and procedures, especially when it pertains to new security technologies. In addition, employees should be encouraged to bring up any new security technologies they hear about to their boss. The most successful security teams are passionate about their jobs and really “own” their success.
4) Policies and procedures. Many healthcare facilities have a vast amount of overlapping and inconsistent security policies in place that render them unmanageable. It is recommended developing concise security policies that are easy to find and understand, and were tailored to the facility in question. There are some great resources available to make sure documentation is prepared and managed properly. Two of the most prominent are the HIPAA Audit Protocol and the National Institute of Standards and Technology HIPAA Security Rule Toolkit.
Want the latest, best security practices delivered straight to your inbox? Click here and enter your email address in the "Subscribe" area (look for the green button near the top right corner of the page).