The IS Decisions report “Healthcare: Data access compliance” highlights several issues that have a direct effect on the security of information within the healthcare industry.
The report follows the narrative of a user’s employment, from what happens when they start, through the granular details of network access, to changing roles or leaving an organization.
The likely rise in legal and regulatory scrutiny in 2016
Contributing to the report, David Childers, fellow at Open Compliance & Ethics Group (OCEG), said:
“Healthcare organisations are now the number one target for hackers and state sponsored cyber-thieves. Of all the major breaches in 2014, 42% of these events occurred in a health-related organisation. Data protection experts agree that the number of breaches in healthcare is going to increase.”
“The reason for this increase is simple. The value of a healthcare record is seven to ten times greater than a credit card record. Protected health information (PHI) has a longer “shelf life” than traditional financial data, and it can provide a unique view to a population for foreign governments.”
“With the requirement to transform medical records to an electronic form, IT professionals are fighting to secure records, cloud storage, appropriate access and confidentiality — all within an environment where immediate access to data is literally life and death. But 70% of the data losses are caused by human error. Both Ponemon and Experian in their latest reports regarding data breach and protection challenged healthcare organisations to “step up” their security posture. Not only did these studies cite the increase in breach event activity but noted the likely rise in legal and regulatory scrutiny that will come in 2016.”
“Protective efforts must extend beyond the IT departments and focus on the creation of the “human firewall.” Everyone within the organisation needs to understand their responsibility for protecting PHI. But to do that they need to first understand the risks, know the right way to access, transfer and store data and to be vigilant to social engineering like pretexting, blagging and phishing.”
“This report comprehensively reviews the steps and requirements organisations need to take to improve their data security posture. It can serve as a place to start or a way to review your current data protection and data privacy programs.”
Read the entire report from IS Decisions and check if your organization is compliant.
Research and guidance on user security & data access regulations in healthcare. Go beyond HIPAA compliance & NHS security regulations to safeguard patient data.