Recently, in reporting on a colossal cyberattack, the New York Times pointed to an “urgent need for better digital security” across healthcare. Within long-term care, the urgency amplifies, as data needs to be protected in so many places, such as in residences, remote locations, vehicles, emails, texts, and across networks that may be unsecured.
For long-term care providers, responsibilities extend to all employees, as the safe handling of information needs to be everyone’s job. Today, however, let’s just focus on IT.
The challenge within long-term care is to find reasonable ground that demonstrates a good-faith effort to protect private information, given that up-to-date data systems may be unaffordable. The relief: Even the Feds recognize that appropriate data protections for any given provider depend on the size and resources of the entity.
What’s essential, and doable for all, is to document a data security plan for your organization. The priority should be on mitigating high risks that hold potential to do the most harm.
The good news is you don’t need technical expertise to assure best practices are in place, tracked and managed. Mainly, you need to know the most important things to check up on — understanding that you invite trouble when you assume IT professionals have everything covered.
Priorities identified by private and public sources, including the federal. Department of Homeland Security and the Small Business Administration, include:
Use of strong passwords, with signed commitments that no one will share passwords;
Prompt updates of software or application of patches;
Multi-factor authentication;
Secure networks, with segregated networks to the extent possible (so that if networks become compromised in one facility, others within your organization won’t go down, too);
Secure data backups;
Effective staff training toward the goal of protecting in all places, including remote locations;
Demonstration of a managed approach to data security.
A test of whether you are effectively managing data security lies in the answer to this question: Do you know the questions to ask your IT professionals to assure accountability?
If the answer is no, these bullet points give you place to start. Ask if these measures are in place––and request regular reports to ensure the work is being done. Know the things you currently don’t know. Ignorance will be no excuse in the event of a breach.
About the author
Diane Evans is founder of Guarded Edge, which offers training and services on the application of the Health Insurance Portability and Accountability Act (HIPAA) within long-term care. Diane can be reached at devans@guardededge.com. Readers may access a complementary Social Media Policy from a link on the Guarded Edge homepage at www.guardededge.com.
Commenti