How Small Healthcare Organizations Should Respond To Data Privacy And Data Breaches

By Walter Boyd, senior privacy advisor, IDT911 Consulting.

As covered entities grapple with increased responsibilities for preventing and responding to unauthorized disclosures of protected health information (PHI), IT teams are examining where they may be vulnerable and how to respond if a breach is discovered. But because many small healthcare organizations rely heavily on outside partners—IT consultants and other vendors—for their technology needs, it can be difficult to craft a plan around limited internal resources. By focusing on the basics with a workable approach, these entities can still put together highly effective exposure prevention and breach response strategies.

Know the risks

Before providers begin to formulate either their proactive or responsive plans, it’s useful to understand what’s behind the current privacy breach landscape and why the potential risk of data exposure continues to increase for companies all across the healthcare spectrum.

First, the level of connectivity healthcare companies support is tremendous. Online portals, for example, allow improved access for patients but also present a new doorway into an organization’s PHI databases. These interactions will surely grow as compliance mandates continue to encourage greater patient engagement through providers’ portals.

Connections to service providers are another relatively new development that offers a path into previously closed networks. Companies from payroll processors to property managers to equipment support vendors often have access to various portions of a healthcare organization’s infrastructure. Given how heavily many small healthcare organizations rely on outside vendors, those links will continue to expand.
