Cybersecurity And Health Care
Securing health care information is an important process for health care organizations, and it should begin with a risk assessment to confirm that policies and procedures are in place to detect attempts at a breach. This assessment gives the organization assurance that it has appropriate and effective response mechanisms in place. The organization should also use an independent third-party review as a check and balance to mitigate the impact of a breach, and it should have an established plan, policies and procedures to deal with an incident if and when it occurs.
Provider organizations and insurers are working toward implementing technologies to detect unusual transactions in order to contain the damage, and toward appointing someone with the exclusive authority to implement the procedures and deploy resources to address a breach. This person should be responsible for coordinating the response, determining the damage, containing the damage and addressing public relations issues. The provider should also scrutinize its vendors' cybersecurity policies and procedures, invoking third-party reviews for these as well.
Encryption of data, restriction on access to data and proper levels of training of employees are essential to ensuring the proper levels of cybersecurity.
Communication between upper-level management and the security professionals is critical to success in combating this newest level of challenges for providers. Risks may be further reduced by making certain that the policies and procedures in place are, at a minimum, compliant with national standards, and the provider should explore insurance coverage as another option for protecting the organization's financial viability in the event of a breach.4
1 U.S. Department of Health and Human Services Office of Civil Rights, https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
2 Cybersecurity in Healthcare: A Time To Act, Fidelis Cybersecurity, September 2015
3 Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, Ponemon Institute LLC, May 2015
4 Cybersecurity in Healthcare: A Time To Act, Fidelis Cybersecurity, September 2015
Published by Gary R. Pannone, Managing Principal
Gary R. Pannone
Gary R. Pannone is a Principal and the Managing Partner of Pannone Lopes Devereaux & O’Gara LLC. He has been representing closely held business owners for 30 years, specializing in the areas of business formations, corporate restructuring, mergers and acquisitions and corporate compliance. Attorney Pannone’s practice also includes the representation of nonprofit organizations with respect to consolidations and mergers and acquisitions, and he serves on several boards and governance committees of nonprofit agencies. He is a frequent lecturer and published author in the areas of corporate compliance, board governance and best practices.