By Josh Dunaway | Jan 28, 2022
2 minute read | Blog | Technology | EHR/EPR
Data breaches, stolen identities, and fraudulent charges are a fact of life in our modern age. However, for healthcare organizations, protecting patient data is only the beginning. Additional complexity comes in the form of maintaining compliance with data privacy regulations and the high number of healthcare IoT devices and endpoints in a health system.
Data diligence and privacy considerations
The number of federal and state regulations shown in this HIMSS Infographic is an eye-opening picture of the requirements around healthcare data privacy. Even so, it is a best practice for healthcare organizations to be as deliberate about deleting data that is no longer useful or required as they are about storing and protecting it. Doing this well requires thorough planning, policies, training, access management, software tooling, monitoring, mitigation, and more. Healthcare organizations store large volumes of private patient data, and that volume grows by the second. Because storage and access protection get so much attention, it may seem counterintuitive to make retiring data part of a privacy strategy. You might be saying, “Why would we ever get rid of data? Who knows if we will need it in the future?” Maybe that thinking supports your business model, maybe it doesn’t. If it does, you can still eliminate duplicate copies of the same data held in multiple storage locations: if the data are already in the data warehouse, do they also need to remain in the legacy source system?
The benefits: reduced storage costs, fewer access points to data, and overall decreased risk.
According to the HIPAA Journal, more than half of all healthcare IoT devices have a known, unpatched critical vulnerability. For the most commonly used healthcare device, the IV pump, the majority of units examined were found to have a vulnerability that could potentially be exploited to gain access to networks and sensitive data or, worse, to affect patient safety. Segmenting the network is a start toward protecting data, along with performing a comprehensive IT asset inventory and analysis to identify issues such as outdated software and weak credentials. The payoffs include reduced risk, efficiency gains, and cost savings through the discovery of overprovisioned licenses.
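As an added illustration of the inventory analysis described above (this is example code written for this post, not a CereCore tool or anything from the HIPAA Journal report), the script below runs three checks over a constructed asset inventory: whether a device runs a platform its vendor no longer patches, whether it still has its factory credentials, and whether clinical devices and general-purpose hosts are kept on separate network segments. The device records, the end-of-life list, and the `10.10.50.0/24` clinical segment are all assumptions made up for the example.

```python
import ipaddress

# Constructed sample inventory (hypothetical devices, not real data). These are the
# fields a typical asset-management export carries: host, role, IP, OS/firmware,
# and whether the factory credential is still in use.
INVENTORY = [
    {"host": "ivpump-01",   "role": "medical_device", "ip": "10.10.5.21",  "os": "Windows CE 6.0",      "default_creds": True},
    {"host": "ivpump-02",   "role": "medical_device", "ip": "10.10.50.7",  "os": "Windows CE 6.0",      "default_creds": False},
    {"host": "infusion-gw", "role": "medical_device", "ip": "10.10.50.2",  "os": "Linux 4.4",           "default_creds": True},
    {"host": "ws-nurse-14", "role": "workstation",    "ip": "10.10.5.140", "os": "Windows 10",          "default_creds": False},
    {"host": "ehr-app-01",  "role": "server",         "ip": "10.10.20.5",  "os": "Windows Server 2019", "default_creds": False},
    {"host": "printer-3",   "role": "printer",        "ip": "10.10.50.9",  "os": "Embedded",            "default_creds": False},
]

# Assumed policy for the example: platforms the vendor no longer patches, and the
# network ranges the organization reserves for clinical devices.
END_OF_LIFE = {"Windows CE 6.0", "Windows XP", "Windows 7"}
CLINICAL_SEGMENTS = [ipaddress.ip_network("10.10.50.0/24")]


def in_clinical_segment(ip: str) -> bool:
    """True if the address falls inside one of the reserved clinical device ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLINICAL_SEGMENTS)


def assess(inventory):
    """Return {host: [issues]} for every device that fails at least one check."""
    findings = {}
    for dev in inventory:
        issues = []
        if dev["os"] in END_OF_LIFE:
            issues.append("end-of-life OS")
        if dev["default_creds"]:
            issues.append("default credentials")
        clinical = dev["role"] == "medical_device"
        # Segmentation check cuts both ways: a pump on the workstation VLAN is
        # reachable from every desktop, and a printer on the clinical VLAN gives
        # an attacker a foothold next to the pumps.
        if clinical and not in_clinical_segment(dev["ip"]):
            issues.append("clinical device outside clinical segment")
        if not clinical and in_clinical_segment(dev["ip"]):
            issues.append("non-clinical host inside clinical segment")
        if issues:
            findings[dev["host"]] = issues
    return findings


def prioritized(findings):
    """Hosts ordered by number of issues, worst first, for a remediation queue."""
    return sorted(findings, key=lambda h: (-len(findings[h]), h))


if __name__ == "__main__":
    results = assess(INVENTORY)
    for host in prioritized(results):
        print(f"{host}: {', '.join(results[host])}")
```

Run against the constructed inventory, the report puts `ivpump-01` at the top (unpatched platform, factory password, and sitting on the workstation VLAN), which is exactly the combination the HIPAA Journal finding warns about. In a real deployment the inventory would come from the CMDB or a passive network discovery tool, and the end-of-life and segment lists would be maintained by the clinical engineering and network teams rather than hard-coded.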
The list of the most common HIPAA violations covers every facet of safeguarding PHI, from improper data disposal to failing to control access to patient data. Healthcare technology leaders must make smart, tough decisions that reduce risk, optimize costs, and improve data quality, reporting, and accessibility.
Recommendations
When your organization is ready to take the next step toward enhancing patient data privacy, consider the following next steps:
Senior Director, Data Solutions, CereCore