A recent industry study forecasts that data breaches cost healthcare providers about $5.6 billion annually, which means the industry has a lot of work to do to protect sensitive information. As healthcare moves toward more connected care, the amount of data exchanged between organizations will only grow, and with it the potential for security risk.

Just as with population health and regulatory reform, security is complex and layered: the more you prepare, the more secure your organization can be — and it can’t happen overnight. Therefore, if you’re not already taking steps now to enable data to be captured, accessed and shared among patients, providers and payers, then you may be a few steps behind.

According to some industry experts, the hard truth is that breaches are inevitable. Here are three practical tips for securing your healthcare data processes, so that you can be proactive rather than reactive:

Encrypt your data

Reports say that much of the data stolen in the Anthem Blue Cross and Blue Shield data breach was unencrypted, proving that just because an organization figuratively locks its electronic doors, that doesn’t mean its data is protected from a successful break-in. Encryption is vital and should be a matter of process moving forward, rather than an option. Ask yourself whether your data management system’s encryption and decryption capabilities are as strong as they can be, especially with respect to leveraging the cloud for transmission and storage of protected health information (PHI).

Look at your whole data management strategy to identify gaps

Evaluating your data management strategy can help you secure PHI. Failing to do so could result in stiff financial penalties under HIPAA regulations. A few points to consider include:

  • All workstations, including printers and multifunction devices used by clinical personnel. Be sure they are locked down against unauthorized access.
  • All contractors with access to data systems have completed Data Access Agreements. Under HIPAA rules, vendors can be held liable for compliance failures.
  • Your organization conducts and documents a comprehensive risk analysis every year, as required under HIPAA regulation. Such assessments should cover your data management systems and the processes related to PHI, and include actual hacking attempts as well as potential or actual real-life scenarios.
  • Each and every person working in your organization with access to PHI, from the executives to the janitorial staff, needs to be fully trained on all HIPAA regulations and requirements. By training your staff on current regulations, you can not only help to protect information that is being shared within your organization, but you also safeguard data beyond the walls of your hospital.

Practice security in patient engagement

Patient engagement refers to the ongoing and constructive dialogue between patient and provider, and it’s largely driven by technology ranging from patient portals to electronic data capturing platforms that result in more accurate and streamlined diagnostic information.

Patient engagement wasn’t prevalent five years ago, but in the future providers will no longer control the data. The rise of consumerism and high patient payment responsibility is driving patients to be more willing—even demanding—participants in the management of their own information. As a result, leveraging technology that helps evolve the role of the patient, including putting more emphasis on secure access, will be key. Examples include an authenticated sign-on process and tiered security questions.

As the recent data breach at Anthem Blue Cross and Blue Shield illustrates, closing the barn door after the horses have escaped is futile. Considering the value of patients’ healthcare and insurance data, taking proactive steps to prevent data breaches can help your organization protect its data, now and in the future.

Is your hospital doing everything it can to remain secure?