Ten Strategies to Protect Patient Information in 2015; PHI Protection Network Experts Unite
PHI Protection Network Experts Unite, with a Call to Action to the Healthcare Industry
Third Annual PHI Protection Network Conference Will Empower Organizations, Offering Strategies, Best Practices, and Insights
PORTLAND, Ore. — December 10, 2014 — Data breaches, lawsuits, medical identity theft—all cringe-worthy realities—and the threats to patient data have never been greater. With cybercrime targeting healthcare, organizations are challenged to manage and protect sensitive patient data—protected health information (PHI). Industry experts from the PHI Protection Network (PPN) offer healthcare security and risk professionals top privacy and security strategies to implement in 2015 that will protect patient data and meet the demands of the evolving healthcare and security landscape. PPN members include Accuvant, Inc.; Clearwater Compliance, LLC; ID Experts; MacKenzie Marketing Group; MiddleGate, Inc.; Symantec Corporation.
Ten Strategies to Protect Patient Information
- Demand organizational leadership engagement. Workforce training and safeguards alone will not be effective. Organizational leadership must embrace and champion compliance as it would any other component of the organization’s value chain. Leadership must visibly and actively foster a culture of compliance throughout the organization by setting expectations and holding all workforce members accountable to the same standards.
- Find and identify your data. Organizations need to know where their data lives, where it travels, and in what form (encrypted, identified, deidentified, etc.).
- Control PHI workflow and minimize necessary workforce access. Organizations must find ways to better control PHI workflow within the organization, and movement outside the organization. This not only includes safeguarding it from impermissible uses and disclosures, but will also require integration of HIPAA with other health information protection activities to ensure a single point of control within the organization.
- Assess risks. Organizations must have solid processes in place for assessing risk with new systems, devices, services and partners and determine how best to use their power as purchasers to weed out those that don’t meet best security practices.
- Prioritize third-party vendor management. Organizations will need help with third-party vendor management to strengthen oversight and review processes. Note that smaller Business Associates are particularly vulnerable since they may not have as many resources to devote to security and compliance, and may be more likely to experience a data breach.
- Get proactive. The healthcare industry needs to take a proactive stance when it comes to regulations to protect patient health information. Companies that go above and beyond baseline protection requirements will be seen as industry leaders, and patients will choose to use their services over others.
- Make privacy an integral part of new technology adoption. The pace at which new technology is being introduced into the healthcare industry is increasing, with thousands of new health-related mobile applications available this year, devices such as Apple Watch, and the Internet of Things. But we have little evidence that patient privacy or security features are being considered. The healthcare industry and its technology service providers need to dramatically improve how they take advantage of existing technology as well as how they design, construct and deliver new tools.
- Measure to improve. You can’t manage what you can’t measure. The healthcare industry needs to get better at determining key metrics to continuously measure and improve security postures.
- Look for "non-standard" systems as potential PHI data stores. In particular, voicemail systems, customer service call recording systems, and closed-circuit television systems could all potentially be storing PHI, but may not be as carefully safeguarded as traditional IT systems such as EHRs and patient billing.
- Instill a culture of security. Every employee is a guardian of the customer’s data.
PHI Protection Network Conference to Offer Best Practices and Insight
For more information and to register for the third annual 2015 PHI Protection Network Conference, taking place February 19, 2015, in Anaheim, California, visit phiprotection.org. The Conference will gather senior privacy, compliance, and security officials to share best practices and insights and to equip attendees with tangible and actionable takeaways that can be implemented inside healthcare organizations today. PPN provides a forum for privacy and security professionals to keep up-to-date with new ideas and information, current industry trends, the latest PHI/PII privacy and security industry practices, and the latest tools and technology.
About PPN
PPN is an interactive network of PHI protectors and solutions providers. This cross-industry group was formed to help expedite the adoption of PHI best practices. Many members contributed to the report The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security—calling for enhanced security to safeguard protected health information—issued in March 2012 with the American National Standards Institute (ANSI), via its Identity Theft Prevention and Identity Management Standards Panel (IDSP), in partnership with The Shared Assessments Program, and the Internet Security Alliance (ISA).
###
Media Contacts:
Lisa MacKenzie
MacKenzie Marketing Group
503-225-0725