7 Essential Steps To Protect Your Health Data

Jeff Wilder

(Guest blog written for the Arizona Hospital and Healthcare Association)

In today’s increasingly interconnected digital world, how can we best ensure that our health data is safe? Healthcare data breaches happen, including locally. Less than two years ago, one of Arizona’s largest healthcare providers experienced a breach that exposed the personal information of as many as 3.7 million Arizona patients and employees, reinforcing the need for all of us to be more rigorous and proactive. Hospitals AND patients must do more! Here are 7 steps to improve our defenses.

For Hospitals:

1.  Analyze the risk landscape

How can you defend against an attack you’re unaware of in the first place? Look at your defenses like a hacker would to uncover as many weaknesses as possible. Then, prioritize: The discomforting truth is that hospital resources are too limited to prevent every conceivable attack, but a proper analysis will reveal both the most likely and the most costly dangers.

2.  Constantly monitor your security program

In 2017, the healthcare industry accounted for 25% of all data breaches. Clearly, for a hospital, being secure must go beyond just being HIPAA compliant. A well-designed security program operated improperly can be worse than no plan at all, as it lulls you into a false sense of security. You have to continually monitor and invest in your processes and technology to make sure they perform as designed. Such efforts will help you evolve your program more quickly as your risk landscape evolves.

3.  Test, test, test

You have policy and procedures, but are they followed? You have configuration standards, but are they applied? Your program should be frequently tested to make sure that it has been implemented securely and maintained accordingly. Lax attitudes about upkeep contribute to a startling fact: Hackers spend an average of 99 days inside systems undetected. Implementing a timely and comprehensive internal audit program provides peace of mind that your program is operating as expected.

4.  Train your staff

93% of cyber attacks are caused by human error or behavior. Don’t leave your staff unprepared for the defense of your data. Implement a training program for each role that clearly defines responsibilities and provides the knowledge to implement them. Turn your staff from your weakest link to your strongest asset.

And for patients:

5.  Understand who has your data and how it’s being used

HIPAA requires that organizations notify you of the data they have collected and how it’s shared with other parties, so take the time to read the information disclosure.

6.  Be selective about the information you share with third parties

As no defense can be flawless, taking responsibility for your own protection where you can is paramount. So consider carefully whether the benefits of sharing your data are worth the risk. It’s within your rights to request your health data not be shared with particular people, groups, or companies. And remember: The data you don’t provide is the only data that is breach-proof.

7.  Exercise your right to know who has accessed your data

If you believe your information has been accessed in an unauthorized way, it’s your right to retrieve a list of all individuals who have accessed it from the health plan or healthcare provider. The Department of Health and Human Services provides comprehensive information on your rights and how to exercise them.

With knowledge, training and dedication we can limit the scope and expense of data breaches, making Arizona a safer and healthier state!


© 2020 Alagen, LLC. All rights reserved.