What steps is your practice taking to avoid a healthcare data breach? In this blog post, we share a few tips on preventing data breaches as well as creating a robust security and risk assessment.
Include financial data in your security and risk assessment. HIPAA security and privacy rules focus on the compliance with health data security, however, financial data such as credit card and Social Security numbers are typically more valuable to data thieves.
Know your data flow. It’s crucial that your practice can track the flow of health data through all devices on its network, including smaller devices such as laptops and thumb drives. Also make sure to include any could services and business associates in your data flow analysis.
Assign one person to information security. Make one person at your practice directly responsible for HIPAA privacy and security implementation. If responsibility is spread among too many people, then no one responsible.
Remove network credentials quickly. When someone leaves your practice, it is critical that their network credentials are terminated as quickly as possible, denying them access to your practice’s data. Healthcare organization login IDs and passwords are bought and sold on the black market which creates a huge vulnerability for medical practices.