Boost Your Healthcare Security

Learn Best Practices for Protecting Patient Data

Bill Virtue

A thorough and robust security maintenance plan is necessary to meet HIPAA requirements and regulations. Certainly, there’s a lot of information available on best practices for HIPAA compliance. Most of the healthcare organizations I talk to have security initiatives in place and are well versed in HIPAA requirements.

But here’s a sobering fact: according to the Security Engineering Team Quarterly Threat Report for Q2 2016 from NTTSecurity (formerly Solutionary), 88% of all ransomware attacks in 2016 targeted healthcare organizations. That’s kind of a staggering number, isn’t it? Please click responsibly.

So, what makes a good security plan? The first step is to write it down—a written plan is an actual HIPAA requirement. But you need to go beyond putting a series of controls in place and develop a strategy to manage change. All environments evolve, and keeping up with these changes, especially with more mobile and wearable devices coming into use, affects your supporting security documentation.

Another key step is to make sure you properly train your staff on how to protect patient data. Firewalls, passwords, and other safeguards are not sufficient if your users don’t follow security protocols.

Finally, you need the right monitoring and alerting in place in order to be notified of breaches as soon as possible. It’s a sad truth that we can’t say “if a breach occurs,” but must say “when.” The best course of action is to set up notifications and have a mitigation plan ready. This includes creating an incident response plan and understanding your local breach notification laws.

To learn more about best practices for protecting your sensitive data, take a look at the white paper Searching for Security: The Importance of Planning and Maintenance for Long-term HIPAA Compliance.

Bill is a Senior Systems Engineer at Connection with over 30 years of experience in Networking Solutions, Information Security, and Identity Management. Bill is a founding member of the ISSA NH chapter, dedicated to promoting Information Security within the business community. Bill is also a US Navy veteran and held Operations Management positions within the Atlantic Fleet. Bill has broad knowledge in the Security and Compliance space, has consulted on large-scale enterprise deployments and security projects, and has contributed to many technical articles and technology white papers. When he has free time, Bill enjoys catching up with family and friends and riding his Harley-Davidson.