Safe & Sound with Marianne Kolbasuk McGee

Don't Overlook Free IT Security Help

Guides Offer Timely Guidance on Preventing Breaches Marianne Kolbasuk McGee (HealthInfoSec) • January 27, 2014    
Don't Overlook Free IT Security Help

In the aftermath of the Target breach and other recent mega-breaches at retailers, the public is on heightened alert for compromises to their personal information. And as more health data gets digitized, and new cyberthreats emerge, some experts are predicting that health data breaches in 2014 and beyond will surge.

See Also: Attack Surface Management: Improve Your Attack Surface Visibility

For those of you keeping score, some 804 major health data breaches affecting 29.3 million individuals have been reported to the Department of Health and Human Services since 2009 (see: Health Data Breach Tally Tops 800).

Healthcare providers are hungry for guidance in safeguarding patient data, even if their main motivation in doing so is to avoid the wrath of federal regulators. 

Healthcare providers - especially smaller ones with more limited technology resources - can use all the help they can get to prevent breaches that not only put patients' privacy at risk, but also can have an adverse impact on patients' trust in their caregivers.

Federal Help

Among the resources that can help are a variety of free guides made available from the Office of the National Coordinator for Health IT, which oversees policies and standards for the HITECH Act's electronic health record incentive program and also national health information exchange efforts.

While there are dozens of resources available from ONC to help healthcare providers comply with the HITECH's meaningful use requirements, it looks like security and privacy topics are particularly top-of-mind for many organizations seeking assistance.

The No. 1 downloaded provider resource from ONC in 2013 was its Privacy and Security Guide, says Matt Kendall, director of ONC's office of provider adoption support, who recently listed the top 10 in a blog.

In 2013, ONC's top 10 provider resources were downloaded a total of more than 77,000 times. Of that, the privacy and security guide alone was downloaded 9,547 times, an ONC spokesman tells Information Security Media Group. That guide, which gets periodically updated with new content, has been downloaded more than 15,000 since it first debuted in 2012.

The guide contains basics ranging from "why privacy and security matter," to more meaty specifics, including links that bring healthcare providers to in-depth details about HIPAA compliance from the Office for Civil Rights, ONC's sister agency at the Department of Health and Human Services.

Also on the top 10 list of most popular ONC provider resources last year is an information security policy template.

That template includes common sense suggestions for what should be included in a security policy, such as encrypting e-mail and steps to safeguard mobile devices.

The customizable template includes blank spaces where organizations can list specifics, such as the name and phone number for a privacy officer who receives breach reports.

Safer Health IT

ONC also recently unveiled new guidance aimed at improving the safe use of health IT, especially EHRs.

The Safety Assurance Factors for EHR Resilience Guides, or SAFER, cover nine topics, including contingency planning and patient identity, both of which have a security-related theme.

The contingency planning guide offers important tips for avoiding and recovering from EHR downtimes, while the patient identity guide aims to help practices establish systems that will help ensure that vital clinical information used in EHRs is about the right patient.

While the SAFER guides contain a disclaimer that says "implementation of a recommended practice does not guarantee compliance with [HITECH] Meaningful Use, HIPAA, or other laws," the materials also make the point of saying that following the HIPAA Security Rule can contribute to safer health IT.

Just Do it

Certainly, regulators these days are pushing for more data privacy and security vigilance by healthcare providers. For instance, changes brought forth in the HIPAA Omnibus Rule last year mean healthcare entities need to get more on the ball in protecting patient data or face penalties that can range up to $1.5 million per HIPAA violation.

Based on the interest in the ONC privacy and security resources, it's clear that many healthcare providers are, indeed, hungry for guidance in safeguarding patient data, even if their main motivation in doing so is to avoid the wrath of federal regulators.

I encourage you to take advantage of the free ONC guidance for help in making sure patient information remains private and secure. Let us know if you find the guidance helpful, or whether other guidance would be more useful.



About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Aité-Novarica's Cybersecurity Impact Award
Aité-Novarica's Cybersecurity Impact Award

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing omnibus.healthcareinfosecurity.com, you agree to our use of cookies.