Don't Overlook Free IT Security Help
Guides Offer Timely Guidance on Preventing Breaches
In the aftermath of the Target breach and other recent mega-breaches at retailers, the public is on heightened alert for compromises to their personal information. And as more health data gets digitized, and new cyberthreats emerge, some experts are predicting that health data breaches in 2014 and beyond will surge.
For those of you keeping score, some 804 major health data breaches affecting 29.3 million individuals have been reported to the Department of Health and Human Services since 2009 (see: Health Data Breach Tally Tops 800).
Healthcare providers - especially smaller ones with more limited technology resources - can use all the help they can get to prevent breaches that not only put patients' privacy at risk, but also can have an adverse impact on patients' trust in their caregivers.
Among the resources that can help are a variety of free guides made available from the Office of the National Coordinator for Health IT, which oversees policies and standards for the HITECH Act's electronic health record incentive program and also national health information exchange efforts.
While there are dozens of resources available from ONC to help healthcare providers comply with the HITECH's meaningful use requirements, it looks like security and privacy topics are particularly top-of-mind for many organizations seeking assistance.
The No. 1 downloaded provider resource from ONC in 2013 was its Privacy and Security Guide, says Matt Kendall, director of ONC's office of provider adoption support, who recently listed the top 10 in a blog post.
In 2013, ONC's top 10 provider resources were downloaded a total of more than 77,000 times. Of that, the privacy and security guide alone was downloaded 9,547 times, an ONC spokesman tells Information Security Media Group. That guide, which is periodically updated with new content, has been downloaded more than 15,000 times since it first debuted in 2012.
The guide contains basics ranging from "why privacy and security matter," to more meaty specifics, including links that bring healthcare providers to in-depth details about HIPAA compliance from the Office for Civil Rights, ONC's sister agency at the Department of Health and Human Services.
Also on the top 10 list of most popular ONC provider resources last year is an information security policy template.
That template includes common-sense suggestions for what should be included in a security policy, such as encrypting e-mail and steps to safeguard mobile devices.
The customizable template includes blank spaces where organizations can list specifics, such as the name and phone number for a privacy officer who receives breach reports.
Safer Health IT
ONC also recently unveiled new guidance aimed at improving the safe use of health IT, especially EHRs.
The Safety Assurance Factors for EHR Resilience Guides, or SAFER, cover nine topics, including contingency planning and patient identity, both of which have a security-related theme.
The contingency planning guide offers important tips for avoiding and recovering from EHR downtimes, while the patient identity guide aims to help practices establish systems that will help ensure that vital clinical information used in EHRs is about the right patient.
While the SAFER guides contain a disclaimer that says "implementation of a recommended practice does not guarantee compliance with [HITECH] Meaningful Use, HIPAA, or other laws," the materials also make the point of saying that following the HIPAA Security Rule can contribute to safer health IT.
Just Do It
Certainly, regulators these days are pushing for more data privacy and security vigilance by healthcare providers. For instance, changes brought forth in the HIPAA Omnibus Rule last year mean healthcare entities need to get more on the ball in protecting patient data or face penalties that can range up to $1.5 million per HIPAA violation.
Based on the interest in the ONC privacy and security resources, it's clear that many healthcare providers are, indeed, hungry for guidance in safeguarding patient data, even if their main motivation in doing so is to avoid the wrath of federal regulators.
I encourage you to take advantage of the free ONC guidance for help in making sure patient information remains private and secure. Let us know if you find the guidance helpful, or whether other guidance would be more useful.