Integris researchers conducted a survey in which they asked healthcare leadership to assess their data privacy maturity. They surveyed 258 executives from mid to large organizations, and found that 70% were confident that they know where their sensitive data is. Of those respondents, 50% update their personal data inventory annually. Although executives are largely confident, healthcare data security must include means to track data, which many organizations lack.
Additionally, there is a question of whether organizations can properly identify protected health information (PHI), with 66% of respondents confident in their organization’s ability to do so. Researchers stated, “Sensitive data has an evolving nature. What’s considered a sensitive category or piece of data today may not be considered sensitive tomorrow, and vice versa. Understanding derivative personal data is important, yet challenging.” The report also indicates that 87% of the US population can be identified using just three indicators: gender, zip code, and birthdate.
Analysis and Mapping
Healthcare data security is a multifaceted obligation for organizations. Part of being HIPAA compliant is knowing where sensitive data is held to ensure that it is adequately safeguarded. Conducting a HIPAA risk analysis gives organizations a better understanding of where PHI is stored and how it is protected. Organizations must complete a HIPAA risk analysis annually to determine if their security practices are properly protecting PHI.
A HIPAA risk analysis enables organizations to create a network diagram that maps the path PHI travels. For example, a patient record may travel through a server to the billing department, insurers, and healthcare vendors. Understanding the path data travels allows an organization to determine whether or not PHI is maintained, transmitted, and stored in a HIPAA-compliant manner.
Vulnerabilities
Data mapping gives an organization’s IT department real-time knowledge of how data flows. This increases healthcare data security, as IT staff can determine weak points in security and make necessary adjustments to secure data. Assessing vulnerabilities is also required for HIPAA compliance. Organizations must determine their vulnerabilities and create remediation plans to address gaps in security.
Inventory Tracking
Network diagrams must be updated regularly to ensure healthcare data security. When an organization adds new equipment, the equipment must be assessed to determine possible risk factors.
Do You Need Help with Healthcare Data Security?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, the Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and Managed Service Provider (MSP) security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.
Find out more about how Compliancy Group helps you simplify compliance and cybersecurity today!