Tuesday, December 17, 2013

Three Ways Healthcare Providers Can Prevent Security Breaches

In January of 2013, with the release of the Omnibus Rule, HIPAA placed tougher privacy and security requirements on hospitals around the nation. This was due to the fact that there have been 570 major breaches of patient information since 2009, many of which are due to insider snooping and identify theft.

So where are hospital security measures falling short?

In 2010, state health authorities reported that the University Medical Center in Las Vegas had lost control of the keys used to access locked bins holding patients’ information sheets. Only three employees were supposed to have access to these keys; however, an audit revealed that more than 53 employees had key copies, with no record of how they acquired them.

Cases like this one are discovered by auditors frequently, but there's a way to prevent this from happening to your organization.

If you are a healthcare provider, note these three things you can do to tighten your hospital’s key security:

1. Train employees who have access to patient information on privacy and security procedures.

One of the biggest security threats hospitals face are mistakes made by staff members. A recent survey by HealthcareInfoSecurity revealed that healthcare organizations are more likely to face fines related to misdirected faxes and mailings, snooping, identify theft and stolen files rather than the occasional hacker. Let your employees know how to prevent and report breaches in security.

2. Find a system that works.

There are several policies you can implement to tighten security. But if they’re not simple and convenient, people won’t use them and they won’t work. It’s important to find a key control system that doesn’t require a lot from its users, but gives out a lot of information in return. Consider an automatic key management system if you’re looking for something user friendly, secure and manageable.

3. Keep a verifiable audit trail.

Auditors will regularly come your way to inspect how you keep your patients and their information safe. Keeping a stellar trail of employee key access can help make the audit go more smoothly for you and your healthcare organization.

With the implementation of the Omnibus Rule, think about how safe your patient files are and consider increasing your security prevention measures. 

Tuesday, December 10, 2013

Electronic Key Control: Three Things You Need to Do Before the Holidays

Alarm clock with Santa hatThe holidays are coming up, and chances are, you and many of your associates are looking forward to long vacations and time with friends and family.

Before you leave, though, it’s important to make sure that your key control policies don’t go on vacation when you do. Here are our top three tips for making sure your electronic key control system does its job while you’re off the clock.

Review Access Levels

Before you leave, review user access levels to make sure any employees who are working through the holidays are authorized to check out the keys they need. Restrict access to keys they will not use in the course of their job responsibilities. If you anticipate users needing access to high-security assets or areas, such as vehicles or rooms containing expensive equipment, make sure an on-site manager or associate with the appropriate access levels is available to assist with these transactions. Do not relax security requirements for the sake of convenience.

Make Sure Alerts Are Set Up

You should always take advantage of email and text alerts for overdue keys and unauthorized transactions, but alerts are especially important if management personnel and/or system administrators are going to be out of the office for the holidays. In the event that a security breach occurs while key personnel are away, they need to know so they can take immediate action. (If you have a KeyTrak system, check out our three-step guide to setting up text alerts.)

Collect Unreturned Keys

Review the key log to determine which users still have keys checked out. If any of those employees will be taking vacation, ensure that they return the keys in their possession before they leave.

Take these precautions now and rest assured that you have taken the proper steps to keep your keys and assets safe while you’re enjoying your vacation.