Did you know that within the last two years, the personal health information of nearly 18 million Americans was breached electronically? That affected six percent of Americans. Even more surprising is the value of the data being sold. Medical records sell for $50 a record in the underground market, which makes them even more lucrative than financial information, says the chairman and CEO of the Santa Fe Group.
It is no wonder there is concern for the security and privacy of electronic health records.
Here are some recent ways information security is being addressed in the healthcare industry that can surely be applied within other enterprise organizations:
Staying Safe in the Cloud
Take a hybrid approach that leverages both public and private clouds, storing your most private patient or customer/client information and other protected data in the private cloud.
Security through Application Management
Healthcare is one of the leading industries for data security, particularly as it relates to patient records. To address privacy concerns, companies are moving from an MDM (mobile device management) world to a MAM (mobile application management) world. MAM “enables organizations to manage specific applications and data without having to worry about the entire device or an employee's personal data,” says Computerworld. IT can focus on controlling access to applications and the private information they hold. With mobile device sprawl, it will be easier for IT to manage access to data than to manage the devices themselves.
Access, Approval & Withdrawal
"Most large organizations have access control systems that automatically generate e-mail to managers for them to approve user privileges, but these access control systems don't always include hosted applications," says NetworkWorld. Often too many people have access to applications they no longer need, such as employees who have transferred to another position within the company, or employees who have left the company and whose user privileges were never revoked. Examine current processes on how your company approves and provisions employee access.
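One way to run the access review described above, as an added example that is not part of the original article: reconcile an HR roster against the access grants exported from every application, hosted ones included. All user names, application names, roles and dates are constructed, and the role-to-application policy is an assumption.

```python
from datetime import date

# Constructed sample data; all names, apps and dates are hypothetical.
HR_ROSTER = {
    "alice": {"status": "active", "role": "nurse", "role_since": date(2023, 1, 10)},
    "bob": {"status": "active", "role": "billing", "role_since": date(2024, 3, 1)},
    "carol": {"status": "terminated", "role": "nurse", "role_since": date(2022, 5, 2)},
}

# Applications each role is entitled to (assumed policy).
ROLE_ENTITLEMENTS = {
    "nurse": {"ehr", "scheduling"},
    "billing": {"claims-saas", "scheduling"},
}

# Grants exported from every application, hosted ones included.
# Each tuple: (user, application, hosted?, date granted)
GRANTS = [
    ("alice", "ehr", False, date(2023, 1, 11)),
    ("bob", "ehr", False, date(2022, 8, 15)),          # left over from bob's previous role
    ("bob", "claims-saas", True, date(2024, 3, 2)),
    ("carol", "claims-saas", True, date(2022, 6, 1)),  # never revoked after departure
    ("dave", "scheduling", False, date(2021, 9, 9)),   # no HR record at all
]


def review_access(roster, entitlements, grants):
    """Return (user, app, reason) findings for grants to revoke or re-approve."""
    findings = []
    for user, app, hosted, granted_on in grants:
        person = roster.get(user)
        where = "hosted" if hosted else "internal"
        if person is None:
            findings.append((user, app, f"no HR record ({where} app)"))
        elif person["status"] != "active":
            findings.append((user, app, f"user has left the company ({where} app)"))
        elif app not in entitlements.get(person["role"], set()):
            # Distinguish access carried over from an earlier position.
            stale = granted_on < person["role_since"]
            reason = "granted before transfer" if stale else "outside current role"
            findings.append((user, app, f"{reason} ({where} app)"))
    return findings


if __name__ == "__main__":
    for user, app, reason in review_access(HR_ROSTER, ROLE_ENTITLEMENTS, GRANTS):
        print(f"REVIEW {user:6} {app:12} {reason}")
```
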
iPads and other Mobile Devices
With iPads the preferred device among enterprises, there is a need for a mobile device security strategy that protects the data even more than the device. First, says TechTarget, isolate personal and business information on devices. Better yet, do not allow any corporate information to be stored on employee BYO devices. Then, deploy encryption solutions where you can. Since personal devices cannot be controlled at the level of company-issued devices, limits on which devices can access corporate information should be included in the data security and mobile management policy.
What about Social Media?
Social media inherently poses risks due to how quickly information can be shared or exposed. Interestingly, social media may be the most useful in terms of security in cases having to do with public relations after a security incident has occurred. Social media can be an excellent tool to communicate your company's position, actions, or messages quickly, whether to clear confusion in the market or to address a situation publicly and immediately. It is a more personal and direct communication medium that should be considered a part of a company's security strategy.
Information security is an enterprise-wide risk management issue that does not reside with IT alone. That would be an impossible burden. Accountability must run across the organization. After all, what's at risk is the proprietary information of your customers, your intellectual property, your reputation and all the other resources that make your company one-of-a-kind and competitive.