Patient privacy is a top priority for the medical community. Patient data should be virtually secured. It is critical that staff understand what security measures are required and how to implement and use them.
Last Tuesday the Redwood Memorial Hospital announced that it lost a thumb drive that may have contained information on more than 1,000 patients. This information included data that could lead to identifying individual patients. The thumb drive was not encrypted. The hospital notified patients who are potentially affected and set up a hotline to answer questions related to the situation.
There were multiple factors leading to the security failure in this situation. The first and most obvious is that the drive was not encrypted; all patient data should be encrypted. The second mistake leading to the leak is that identifiable patient data should not travel offsite unless necessary to transfer information.
There are multiple ways to encrypt patient data. Facilities should have network security measures, two-factor authentication for individual computers, and encrypted portable devices.
For an article with more details on this breach, visit this site: http://www.times-standard.com/localnews/ci_24560866/redwood-memorial-thumb-drive-patient-data-missing-eureka
Important Tips
- Encrypt any device that contains identifiable information on patients.
- Make email passwords unique: do not reuse them on any other password-protected site or device.
- Use available products on the market to secure information stored on hard drives and flash drives.
- Disk and flash drive encryption is available with products such as YubiKey (http://www.yubico.com/applications/disk-encryption/). YubiKey can increase the security of the data on a hard drive by using two-factor authentication or in conjunction with open-source software such as TrueCrypt.
- TrueCrypt is free, open-source software that improves security. More information on the software can be found here: http://www.truecrypt.org/
- Use two-factor authentication to reduce the chances of unauthorized eyes viewing or using the private patient data. More information on two-factor authentication can be found here: http://rippleit.com/understanding-two-factor-authentication/
- Ensure that all mobile devices with patient information, portals to access patient information, or email accounts are protected. For more information on protecting your mobile device, visit this site: http://rippleit.com/secure-your-phone-or-mobile-device/
- Improve network security with these steps for small businesses: http://rippleit.com/top-ways-to-improve-network-security-for-small-businesses/