We know how seriously our customers take the security of health information. With data breaches occurring more than ever before, we understand why organizations are hesitant to adopt the cloud. This is why we agree with Daniel Berger, president and CEO of security risk analysis provider Redspin, who told Healthcare IT News in a recent interview that it's important to get employees to believe that protecting health information is their responsibility. Simply applying the firm's policy to securing health data is not enough to ensure that valuable files and important patient data are not compromised.
Add a security layer to BYOD
Many healthcare organizations are deploying "bring your own device" policies, which allow doctors and nurses to use their personal smartphones and tablets in the workplace. While these initiatives are extremely beneficial and make it possible to experience several efficiencies, it's still vital that employees pay special attention to protecting the information stored on their gadgets. Focusing on security has become a growing trend for firms that want to reduce the risks associated with BYOD.
According to a new study from security training provider KnowBe4 and ITIC, 45 percent of 250 respondents are applying additional security measures at their organizations. Forty-nine percent are leveraging the most innovative security fixes and patches, 36 percent are constantly carrying out audits and vulnerability tests and the same percentage are instructing their employees about the best practices for protecting critical data.
"For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the 'defense-in-depth' strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD," said Laura DiDio, principal analyst at the ITIC.
Encourage employees to get serious about data security
Leveraging the latest tools to protect information stored on the smartphones and tablets of staff members will be useless if they don't take pride in securing the data. Berger told Healthcare IT News that employees have to buy into a breach-prevention culture. Failing to make this happen can lead to compromised information and a damaged reputation. Below are a few tips from Redspin on how to ensure critical data remains safe at healthcare organizations:
- Invest in encryption solutions: While doctors and nurses may not be fans of encrypted data, it can reduce the odds of cybercrime at many hospitals. Sometimes it's better for healthcare CIOs to overrule employee preferences than risk suffering from a data breach due to unencrypted files.
- Train employees on security: Smart CIOs will ensure that their staff members understand the ins and outs of protecting critical data. This is why IT security training is a must at hospitals, and all doctors and nurses should be required to pass a course before they are allowed to use their mobile devices for work purposes.
- Talk with vendors about information security: Even if the healthcare organization uses the best possible policies for protecting data, it's important that its vendors do as well. If a breach occurs because of a vendor's negligence, the hospital can still be blamed if information was compromised.