Tuesday, December 17, 2013

Three Ways Healthcare Providers Can Prevent Security Breaches

In January of 2013, with the release of the Omnibus Rule, HIPAA placed tougher privacy and security requirements on hospitals around the nation. This was due to the fact that there have been 570 major breaches of patient information since 2009, many of which are due to insider snooping and identify theft.

So where are hospital security measures falling short?

In 2010, state health authorities reported that the University Medical Center in Las Vegas had lost control of the keys used to access locked bins holding patients’ information sheets. Only three employees were supposed to have access to these keys; however, an audit revealed that more than 53 employees had key copies, with no record of how they acquired them.

Cases like this one are discovered by auditors frequently, but there's a way to prevent this from happening to your organization.

If you are a healthcare provider, note these three things you can do to tighten your hospital’s key security:

1. Train employees who have access to patient information on privacy and security procedures.

One of the biggest security threats hospitals face are mistakes made by staff members. A recent survey by HealthcareInfoSecurity revealed that healthcare organizations are more likely to face fines related to misdirected faxes and mailings, snooping, identify theft and stolen files rather than the occasional hacker. Let your employees know how to prevent and report breaches in security.

2. Find a system that works.

There are several policies you can implement to tighten security. But if they’re not simple and convenient, people won’t use them and they won’t work. It’s important to find a key control system that doesn’t require a lot from its users, but gives out a lot of information in return. Consider an automatic key management system if you’re looking for something user friendly, secure and manageable.

3. Keep a verifiable audit trail.

Auditors will regularly come your way to inspect how you keep your patients and their information safe. Keeping a stellar trail of employee key access can help make the audit go more smoothly for you and your healthcare organization.

With the implementation of the Omnibus Rule, think about how safe your patient files are and consider increasing your security prevention measures.