• An aggressive data-user monitoring program provides health care organizations with automated data about user behaviors. It helps IT to quickly answer questions. Is the employee who accessed 1,000 records last week engaging in a new management-approved project and their access is simply part of their job? Or should the employee be considered a potential breach suspect? Real-time monitoring provides IT with immediate data, so they can proactively stop potential breaches and also quickly train employees who are not following protocol but are not engaging in criminal behavior.
Advanced monitoring tools have workflows built in, so management can set role-specific monitoring. Real-time monitoring also enables firms to assign investigations at the corporate level, so investigators have an immediate “head start” on which users committed the breach, and the records that were accessed.
• Monitoring provides an opportunity for employee training, which must be frequent and thorough. Organizations should find ways to reward positive behaviors when it comes to data security. Perhaps a staff member raises a concern with management before allowing a third-party vendor to use access information. Reinforcing positive actions will prove more effective than only punishing offenders.
Ad Statistics
Times Displayed: 57392
Times Visited: 1683 Ampronix, a Top Master Distributor for Sony Medical, provides Sales, Service & Exchanges for Sony Surgical Displays, Printers, & More. Rely on Us for Expert Support Tailored to Your Needs. Email info@ampronix.com or Call 949-273-8000 for Premier Pricing.
Moving forward
Without advance preparation, performing a data breach investigation is an arduous process. It can involve paying massive fees to security forensic specialists who have to develop a “chain of custody” for the information by wading through thousands of users and potentially millions of records. The potential liabilities are extraordinary, as the providers risk losing the public’s trust and will likely need to offer expensive services such as credit monitoring to the exposed patients. And with U.S. regulations requiring the public media disclosure of any breach involving 500 or more patients, organizations can cast away any dreams of breaches not becoming nightmares.
The costs can reach tens of millions of dollars for larger organizations, but thankfully the risks can be greatly reduced by following best practices. Implementation of monitoring and user identity tools as well as intensive training can develop a “culture of security” where potential risks are proactively stopped in their tracks.
About the author: Shane Whitlatch is enterprise vice president at FairWarning, and is responsible for oversight and management of programs and organizations that bring customers to FairWarning and create measurable business value for customers. He is responsible for the operation and strategy of FairWarning’s strategic partnerships as well as its largest global customers. During his time at FairWarning, the customer community has grown from 20 to over 300 enterprise customers across six countries.Back to HCB News
