Strategies to Protect Patient Information Cheat Sheet by



Data breaches, lawsuits, medical identity theft—all cringe-worthy realities—and the threats to patient data have never been greater. With cybercrime targeting healthcare, organizations are challenged to manage and protect sensitive patient data—protected health information (PHI). Industry experts from the PHI Protection Network (PPN) offer healthcare security and risk professionals top privacy and security strategies to implement in 2015 that will protect patient data and meet the demands of the evolving healthcare and security landscape.

1. Demand Organizational Leadership Engagement

Workforce training and safeguards alone will not be effective. Organizational leadership must embrace and champion compliance as it would any other component of the organization’s value chain. Leadership must visibly and actively foster a culture of compliance throughout the organization by setting expectations and holding all workforce members accountable to the same standards.

2. Find and Identify Your Data

Organizations need to know where their data lives, where it travels, and in what form (encrypted, identified, de-identified, etc.).

3. Control Workflow & Minimize Workforce Access

Organizations must find ways to better control PHI workflow within the organization, and movement outside the organization. This not only includes safeguarding it from impermissible uses and disclosures, but also will require integration of HIPAA with other health information protection activities to ensure a single point of control within the organization.

4. Assess Risks

Organizations must have solid processes in place for assessing risk with new systems, devices, services and partners, and determine how best to use their power as purchasers to weed out those that don’t meet best security practices.

5. Prioritize Third-Party Vendor Management

Organizations will need help with third-party vendor management to strengthen oversight and review processes. Smaller business associates are particularly vulnerable since they may not have as many resources to devote to security and compliance, and may be more likely to experience a data breach.

6. Get Proactive

The healthcare industry needs to take a proactive stance when it comes to regulations to protect patient health information. Companies that go above and beyond baseline protection requirements will be seen as industry leaders, and patients will choose to use their services over others.

7. Make Privacy Integral to Technology Adoption

The pace at which new technology is being introduced into the healthcare industry is increasing, with thousands of new health-related mobile applications available this year, devices such as Apple Watch and the Internet of Things. But we have little evidence that patient privacy or security features are being considered. The healthcare industry and its technology service providers need to take advantage of existing technology as well as how they design, construct and deliver new tools.

8. Measure to Improve

You can’t manage what you can’t measure. The healthcare industry needs to get better at determining key metrics to continuously measure and improve security postures.

9. Look for “Non-Standard” System Data Stores

In particular, voicemail systems, customer service call recording systems, and closed-circuit television systems could all potentially be storing PHI, but may not be as carefully safeguarded as traditional IT systems such as EHRs and patient billing.

10. Instill a Culture of Security

Every employee is a guardian of the customer’s data. Although employee negligence and lost/stolen devices continue to be primary causes of data breaches, as Kam points out, one of the major findings of a recent Ponemon Institute report is that criminal attacks are now the leading cause of breaches in healthcare. While criminal attacks are often referred to as cyber-attacks, they can also include malicious insider threats.
