When it comes to dealing with a data breach, it isn’t so much as if it will happen, as it is when. Studies have shown that one in four health care organizations have experienced a breach. And even if perfect security could be achieved, there is still the risk of someone with legitimate credentials accessing the data and using it inappropriately.
It’s human nature. We’re not perfect. Things happen.
Yet even with statistics showing how commonplace data breaches are in our society, what is surprising is how many health care organizations are not spending the time needed to prepare.
Preparation today is no longer about putting up a firewall to keep the bad guys out. With the growing availability of electronic devices, and an equally growing availability of patient data in electronic format, this approach is no longer feasible.
Instead of investing in firewalls, it’s now mandatory to create a system of continuous monitoring, to track how people access information and what they do once they get inside of the system.
To start, users should be subdivided into groups.
The greatest majority of users will use the system as intended on an infrequent basis. This would include patients that access their records a few times per year, for instance.
You will also have high-profile users who access the system on a regular basis in a variety of different ways. These users may have access to confidential or restricted records, or have the ability to use the system in more detailed ways. Inputting data for instance.
The higher the user profile, the more security is needed. That includes regular monitoring to ensure the system is used correctly. Through continuous monitoring, you’re more likely to catch the breach early in the process.
However, splitting people into groups and monitoring people based on their accessibility isn’t always accurate. You can’t always predict human nature. Because risk is always a constant ebb and flow environment, it’s important to have emergency overrides that allow authorized personnel to quickly restrict access and shut out eminent danger as appropriate.
If there is a situation, acting quickly is the key to success. Early response and quick action can not only help you avoid a larger problem, it can also save the potential of having a situation blow up into a publicity nightmare.
Stopping the situation is important; the right system protocol can cut your risk factors tenfold. Being prepared for a viral attack either in traditional or social media is also essential; it can make the difference between surviving and thriving.
Perfect security isn’t possible. But if you accept responsibility from the beginning - from planning, to monitoring, to recovering when things to wrong – you will provide your surest method of attack.
