Steps to Closing Security and Privacy Gaps in Healthcare Data
1. Safeguard data from unauthorized individuals.
2. Monitor controls on key systems and check for inadequate logging.
3. Protect access control with complex passwords, such as those combining numbers, symbols, and upper- and lowercase letters.
4. Create strong vendor management functions. The Privacy Rule requires the “minimum necessary” standard be applied to any data shared with vendors. Vendor management has a life cycle of its own and should be viewed and managed to appropriately protect PHI (protected health information).
5. Develop business continuity management and incident response plans. Have a disaster recovery plan in place to continue patient care in the event that IT systems are unavailable. A gap in this approach is the prioritization of systems and the ordering of recovery efforts in the event of an incident. An information security-specific disaster recovery plan should be part of this plan, and a computer security incident response plan should also be developed in case of a breach. Quick remediation is necessary.
Posted on March 14, 2011, in HIPAA and tagged EHR, electronic medical record, EMR, HCI, healthcare data, healthcare data gaps, healthcare informatics, healthcare information technology, HIPAA, HIPAA compliance, HIPAA Security and Privacy.