When you hire an employee, you trust that they will always do the right thing. You expect them to work hard and do their job well while working for you.
Of course, that doesn’t always happen. The news is filled with stories of employees who are anything but good employees.
According to a survey from Accenture, nearly one in five healthcare employees would be willing to sell confidential data for as little as $500. That makes you look at each employee a bit differently, doesn’t it?
Medical identity theft happens in one of three ways:
Physical record or insurance card theft - while individuals are usually careful with their cards and records, healthcare providers are sometimes negligent in handling the data. They release personal information through a standard email or text message, for example.
Electronic health records (EHRs) - EHRs are often available to everyone on staff. With terminals all over the office, logging in and taking records is a simple act.
Data breaches - medical records fetch high prices on the black market, making them irresistible to hackers.
One of the easiest ways to cut that risk down is to pay more attention to your employees. Most people steal for monetary gain. Right behind that are disgruntled employees who can easily access data and sell or leak it to damage the organization. Keeping that in mind, you can organize your practice in such a way as to reduce those potential risk factors.
1. Provide education on an ongoing basis
This is your greatest line of defense. When you keep your employees up to date on laws relevant to your practice, why they exist, who they protect, and what happens if those laws are broken, employees are less likely to cross the line. If you ask anyone if a gain of $500 is worth prison time, they would say no. Spelling that out in training reminds employees again and again of where that line is. They’ll be less likely to take the bait and more likely to do the right thing instead.
2. Monitor rights in every system
When an employee needs access to information, it’s easy to open up the system and let them in. But do they really need full rights? Have a system in place that looks at the needs of every job, and assigns different levels of access depending on the position. Track that - do employees continually need that access? How often do you require password changes? How quickly do you pull access rights? This isn’t something you should ever ignore. It should be one of the top priorities in your overall security plan.
3. Watch for patterns and spikes
Internal monitoring is one of the easiest ways to catch criminal behavior before it becomes a bigger problem. It means pulling reports regularly and watching activity. It means looking at the data for patterns and spikes that simply don’t make sense. Monitoring can also help you watch for changes in employee behavior. Do you have someone who received a letter of reprimand, or is showing troubling trends? Keep a closer eye on their daily activities. It may provide the proof you need to take further action, and help determine if they need to be fired.
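One way to turn that kind of report into an automatic check, as an added example that is not part of the original article: it counts the distinct patient records each user opens per day and flags any day far above that user's own earlier baseline. The log layout (date, user, patient_id), the sample data and the thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from statistics import median


def build_sample_log():
    """Constructed audit data: clerk_b's record access jumps on 2024-03-08."""
    daily = {"nurse_a": [9, 10, 8, 9, 10], "clerk_b": [5, 6, 5, 4, 60]}
    rows = ["date,user,patient_id"]
    for user, counts in daily.items():
        for day, n in enumerate(counts, start=4):
            rows += [f"2024-03-{day:02d},{user},P{day:02d}{i:03d}" for i in range(n)]
    return "\n".join(rows)


def daily_record_counts(log_text):
    """Count the distinct patient records each user opened on each day."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        seen[(row["user"], row["date"])].add(row["patient_id"])
    counts = defaultdict(dict)
    for (user, date), patients in seen.items():
        counts[user][date] = len(patients)
    return counts


def find_spikes(counts, factor=3.0, floor=20, min_history=3):
    """Flag days where a user far exceeds the median of their own earlier days."""
    alerts = []
    for user, by_day in sorted(counts.items()):
        for date, n in sorted(by_day.items()):
            history = [c for d, c in by_day.items() if d < date]  # ISO dates sort as text
            if len(history) < min_history:
                continue  # too little baseline to judge this day
            baseline = median(history)
            # floor keeps low-volume users from alerting on small absolute changes
            if n >= floor and n > factor * baseline:
                alerts.append((user, date, n, baseline))
    return alerts


if __name__ == "__main__":
    for user, date, n, baseline in find_spikes(daily_record_counts(build_sample_log())):
        print(f"{date} {user}: {n} records opened (baseline median {baseline})")
```

Comparing each user against their own history, rather than one office-wide number, keeps a busy role from hiding a quiet account that suddenly pulls many records.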
If you would like to learn more about how to keep your organization's data safe from employee behavior, let’s talk.
For IT Strategy, Cloud Conversion, or Help Desk Services, reach out to us at Silver Linings Technology: 360-450-4759.