By Josh Dunaway | Jan 28, 2022
Data breaches, stolen identities, and fraudulent charges are a fact of life in our modern age. However, for healthcare organizations, protecting patient data is only the beginning. Additional complexity comes in the form of maintaining compliance with data privacy regulations and the high number of healthcare IoT devices and endpoints in a health system.
Data diligence and privacy considerations
While the number of federal and state regulations shown in this HIMSS Infographic is an eye-opening illustration of the requirements around healthcare data privacy, it is still a best practice for healthcare organizations to be as thoughtful about deleting data that is no longer useful or required as they are about storing and protecting data. This task requires thorough planning, policies, training, access management, software technology, monitoring, mitigation, and more. Healthcare organizations store large volumes of private patient data, and that volume grows by the second. While storing the data and protecting access to it are important, it may seem counterintuitive to make retiring data part of a privacy strategy. You might be saying, “Why would we ever get rid of data - who knows if we will need it in the future?” Maybe that thinking supports your business model, maybe it doesn’t. If it does, you might instead seek to eliminate duplicate copies of the same data across multiple storage locations. That is, if data is in our data warehouse, do we also need it to remain in the legacy storage source?
The benefits: reduced storage costs, fewer access points to data, and overall decreased risk.
According to the HIPAA Journal, more than half of all healthcare IoT devices have a known, unpatched critical vulnerability. For the most commonly used healthcare device, the IV pump, the majority of devices were found to have a vulnerability that could potentially be exploited to gain access to networks and sensitive data or, even worse, to impact patient safety. Segmenting the network can be a start to protecting data, along with performing a comprehensive IT asset inventory and analysis to identify issues such as outdated software, weak credentials, and more. The payoffs can include reduced risk, efficiency gains, and cost savings through the discovery of overprovisioned licenses.
The list of most common HIPAA violations involves all facets of safeguarding PHI, from improper data disposal to failing to control access to patient data. Healthcare technology leaders must make smart, tough decisions based on reducing risk, optimizing costs, and improving data quality, reporting, and accessibility.
Recommendations
When your organization is ready to take the next step toward enhancing patient data privacy, consider the following next steps:
Senior Director, Data Solutions, CereCore
This article and video interview were originally published on Healthcare IT Today.