Over 150 Total Lots Up For Auction at One Location - CA 05/31

Access control strategies to secure health care data

June 01, 2015
Kurt Mueffelmann
By: Kurt Mueffelmann, CEO of Cryptzone

Cyber security threats, and the need to incorporate data access controls into personal and enterprise devices, plague industry worldwide.
Community Health Systems, the Home Depot, JP Morgan, Sony and many others have fallen victim to sophisticated attacks that compromise sensitive information. While retail, finance and every industry in between are forced to rethink their approach to security, perhaps healthcare violations hit most intimately: they’re not just monetary, but can compromise survival. Late last year, Gizmodo reported on a study that found hospital hacks are skyrocketing because “hospitals are super easy to hack.”

Securing access—at all touch points—to personal health information remains an epidemic wreaking IT havoc on healthcare. Whether it’s the precision health movement, managed care, supply chain management, or transitioning to electronic health records, providers can’t seem to find the right antidote to secure data and restore patient confidence.

From drug and device makers, to hospitals and providers, to patients and families, the healthcare supply chain is demanding unique security approaches that disrupt traditional models of network access control, to better mitigate threats from the outside and within. These challenges are quite evident when addressing Health Insurance Portability and Accountability Act (HIPAA) compliance.

Headline-making breaches of protected health information (PHI) tell tales of astronomical numbers of medical records being accessed without permission. Besides Community Health Systems’ loss of 4.5 million patient records, Adventist Health System/Sunbelt, Bon Secours, the South Carolina Department of Health/Human Services and Anthem have also experienced major breaches. In each case, exploiting PHI was relatively easy.

Collaboration across the entire value chain can alleviate much of PHI’s risk of exploitation and ensure HIPAA compliance. Healthcare payer and provider compliance and risk managers are tasked with ensuring that vast amounts of information stays safe and is handled appropriately. How do they establish, manage and maintain an efficient access management strategy?

The first step is to implement healthcare data policies and compliance strategies. Using Microsoft SharePoint, a collaboration and document management platform, as an example, Cryptzone advises customers to use the following chart to develop a framework for safely handling PHI.

You Must Be Logged In To Post A Comment