3 Strategies for Securing Health Data

In an age of iPads and iPhones, access to information is easier than ever before. Because of increased access, however, hospitals need to be more careful than ever in securing their data. While every organization faces the challenge of securing data, hospitals may be at a disadvantage, according to Brian Contos, director of global security strategy and risk management at McAfee. He says healthcare is a "poster child because there is so much need, so much sensitive data and so few resources to address [data security]." However, there are strategies hospital leaders can use to ensure information is only accessible to the appropriate people.

1. Create a connected security framework. Creating a central security framework is one of the keys to data security, according to Mr. Contos. He says one of the challenges to securing data is trying to also address network security. When unified under a central system, however, hospitals can more easily address security issues. He describes a connected framework as a "unification of network-centric and data-centric controls with a unified security console." Hospitals can unify these controls by breaking down walls between silos. Mr. Contos says hospitals often have different groups working on end point security, network security, devices and desktops and laptops. Connecting these different areas to allow for communication can enrich the security system, according to Mr. Contos. "Removing silo walls is critical, particularly for organizations with limited staff and resources. Risk is greatly reduced because you can find the threats earlier and respond more quickly and more easily," he says. A connected security framework creates what Mr. Contos calls a "win win win combination" of increased speed in detecting errors, reduced risk and optimized business processes.

2. Understand data. An important strategy in securing data is understanding what the data is, where it is and who has access to it. Mr. Contos suggests meeting with employees to determine what information the hospital has, what can be deleted and what needs to be secure. "The best way to secure data is to delete it," Mr. Contos says. Understanding what information the hospital can delete can thus improve data security. Knowing who has access to data is also important in security. Monitoring access is challenging in hospitals because data may be sent to many groups and individuals, including physicians, payors, research organizations, government organizations and marketing firms. By tracking who interacts with data, hospitals can begin to control its security.  

3. Virtualization. One of the challenges of securing data is maintaining easy access for people who need to work with the data. In virtualization, individuals can use one device for both work and home use without jeopardizing data security. In a virtual laptop, for instance, someone can get on a network only through a specific client. The network does not allow copying or screen captures so that the individual could take the laptop home for recreational use. "[Virtualization] essentially added a level of bifurcation between personal and business contexts even though it's a single device," Mr. Contos says.

By creating a connected security framework, understanding data and using virtualization, hospitals can improve data security.

Learn more about McAfee.

Related Articles on Data Security:

Omnibus HIPAA Final Rule Will Not Mandate Encryption of Personal Health Information

Oregon's Dunes Family Health Care Posts Notice of Data Breach

Stolen Laptop Contained Information for 6K Patients of New Hampshire's Speare Memorial Hospital

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars