What do you do when cybercriminals have stolen “nearly all” of your customer data? AT&T recently found out as it disclosed the data breach in a filing with regulators. It included calling and texting records from a six-month period, including phone number interactions and call duration.
The news is becoming more frequent. The thefts are more brazen. And for many, it’s just “business as usual.” We’ve come to expect cybercrime - the shock and awe are gone.
But for healthcare, it’s a bit different. Healthcare data is more valuable, more sought after. What are you doing to keep PHI safe?
Are you doing enough?
What Is PHI?
Sounds easy enough - PHI is personal health information. But there is a difference between personal health information and patient information.
PHI is defined as individually identifiable health information that is transmitted by electronic media, maintained in electronic media, or transmitted or maintained in any other form or medium. Individually identifiable health information is bound by privacy and security standards; information that does not identify an individual's health is not.
Patient Information is a broader term encompassing all patient information that a healthcare provider may collect, including both medical and non-medical information. Patient Information can include data collected during interactions with healthcare providers that may not be considered PHI but are still relevant to the patient’s care, such as preferences or personal anecdotes. While not a legal term like PHI, patient information may still be subject to privacy laws and regulations, depending on the jurisdiction and specific details involved.
According to a 2020 Healthcare Cybersecurity Report, nearly 93 percent of healthcare organizations have experienced a data breach in the past three years, and 57 percent have had more than five data breaches during that time.
So the question remains: What are you doing to keep your PHI safe?
Prioritize PHI Safety
You have technology. You have policies and procedures. You have safety guidelines. But what are you doing to ensure everyone on staff takes them to heart? They need to be trained continuously to be aware of security requirements. Audit them regularly to ensure they keep up to date. This can include guidelines to follow when a phishing email comes in, or even understanding acceptable talk in public areas.
Control PHI Access
Access should always be decided at the individual level. How much information does each person need to perform their job? Then, track it. As people move around, be sure their data access changes with their jobs. Without tracking, you quickly lose sight of who has access and who doesn’t.
It’s also important to control physical access to PHI. It should stay on premises whenever possible. If it leaves, have rules in place to ensure drives are encrypted, authenticated, and password protected. You should also have a plan to track all movement of media and mobile devices.
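One way to put the access-control advice above into practice is a periodic access review that compares who currently holds PHI access against the minimum each job role needs, and flags grants to revoke or re-certify. The script below is an added illustration, not code from the original post or from Silver Linings Technology; the role names, system names, users and the role-to-system baseline are constructed sample data, and the idea that a practice keeps an HR roster and a per-system grant list in this shape is an assumption.

```python
"""Access review helper: least-privilege reconciliation of PHI access grants.

Added example, not part of the original post. All roles, systems and users
below are constructed sample data; a real practice would export the roster
from HR and the grants from each system's admin console.
"""

# Constructed baseline: the minimum systems each job role needs.
# Anything outside this set is a finding, even if it was once legitimate.
ROLE_BASELINE = {
    "physician": {"ehr_clinical", "ehr_orders"},
    "front_desk": {"ehr_scheduling", "billing_view"},
    "billing": {"billing_view", "billing_edit"},
}


def review_access(roster, grants):
    """Return a list of (user, system, reason) findings.

    roster: {user: role}; a user whose role is None has left or is unknown.
    grants: {user: set of systems the user can currently reach}.
    """
    findings = []
    for user, systems in grants.items():
        role = roster.get(user)
        if role is None:
            # Departed or unknown accounts keep no standing PHI access at all.
            for system in sorted(systems):
                findings.append((user, system, "no active role on roster"))
            continue
        allowed = ROLE_BASELINE.get(role, set())
        # Grants beyond the role's baseline are the classic "moved jobs,
        # kept old access" problem the post warns about.
        for system in sorted(systems - allowed):
            findings.append((user, system, f"exceeds baseline for role '{role}'"))
    return findings


def revocations_by_user(findings):
    """Group findings into {user: sorted list of systems} for a revocation ticket."""
    grouped = {}
    for user, system, _reason in findings:
        grouped.setdefault(user, []).append(system)
    return {user: sorted(systems) for user, systems in grouped.items()}


# Constructed sample: dana moved from billing to the front desk but kept
# billing_edit; lee left the practice but still has an EHR login.
SAMPLE_ROSTER = {"alice": "physician", "dana": "front_desk", "lee": None}
SAMPLE_GRANTS = {
    "alice": {"ehr_clinical", "ehr_orders"},
    "dana": {"ehr_scheduling", "billing_view", "billing_edit"},
    "lee": {"ehr_clinical"},
}

if __name__ == "__main__":
    for user, system, reason in review_access(SAMPLE_ROSTER, SAMPLE_GRANTS):
        print(f"REVOKE {user}: {system} ({reason})")
```

Run on the sample data, the review reports two grants to revoke: dana's leftover billing_edit and lee's EHR access. Scheduling this against fresh exports after every role change, and at a fixed interval regardless, is what turns "track it" from a policy sentence into a repeatable control.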
Evaluate Security Practices
You have a lot of needs and requirements to service your patients. That means you’re relying on many partners and vendors to complete daily tasks. Are those partnerships meeting PHI requirements and sticking to the same dedication to maintaining security as you? You are responsible for caring for any PHI in your control, no matter who has access to it.
Secure Communications
You can’t avoid phone, email, and texting in today’s medical system. Communicating with vendors and patients is crucial to ensuring a safe and successful practice. Yet not any system will do. Just like third-party vendors must meet security requirements, so too must your communications system. You must work with partners who understand HIPAA guidelines, and provide systems that fully protect PHI at all times. Otherwise, it might be you who is penalized.
Are You Keeping Your PHI Safe?
Healthcare data is highly sought after by cybercriminals. PHI can be used to commit identity theft and insurance fraud, and can be very lucrative over time.
If security hasn’t been a top priority for you in the past, your PHI might be at risk. How can we help you secure your PHI?
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.