6 steps to protect your healthcare data

by Aline Liu
Data breaches, stolen information, leaked personal records — we hear about the agonizing implications of mismanaged data on a daily basis.

In healthcare, mismanaged data comes with a unique set of challenging implications. Consider the 2014 hack against Community Health Systems, resulting in stolen information affecting 4.5 million people.

It’s no secret that healthcare organizations generate and capture information at a record pace. In fact, one study1 predicts that within the next few years, big data for U.S. healthcare will reach the yottabyte (10 24 gigabytes) scale. A data center the size of Delaware and Rhode Island combined would be needed to store this volume of information.

To reduce the chance of information mismanagement, harmful breaches and major headaches, hospitals and health systems must take steps to properly capture and manage the flow of clinical and non-clinical information.

As the amount of healthcare data skyrockets, so do data privacy and security risks. Not only can privacy and security breaches damage your organization’s reputation and compromise patient relationships, but they can also result in major costs. For example, data breaches can carry Health Information Portability and Accountability Act (HIPAA) violation penalties as large as $1.5 million annually. And, unlike in the past, the HIPAA Final Omnibus Rule now holds you responsible for protecting your patients’ private information — such as date of birth, medical record number or Social Security number — by requiring compliance with a comprehensive list of audit checkpoints and adhering to regulations.

To reduce the chance of information mismanagement, harmful breaches and major headaches, hospitals and health systems must take steps to properly capture and manage the flow of clinical and non-clinical information.

So, what small steps can you take today — without disrupting your workflows — to avoid similar breaches? As a start, be sure your organization applies the following six tips:

1. Strengthen user authentication

Adopt controlled access safeguards that can lock down your printers and limit access to certain features, depending on who is using them. At the same time, these safeguards control how and where documents and images are securely stored. Also consider heightening your password security.

2. Encrypt your data

Make data unreadable to anyone except authorized users and intended recipients. Applicable to stored and transmitted data, encryption protects the integrity of documents, images, messages and other personal health information. Technical safeguards as defined by the HIPAA Security Rule are meant to govern the access to electronic protected health information and include the following specifications:

  • Unique user identification
  • Emergency access procedure
  • Automatic log-off
  • Encryption and decryption

3. Protect confidential information

Use data overwrite security to automatically overwrite latent digital images. This makes it virtually impossible to reconstruct files and eliminates future access to those files from the original device.

4. Create an audit trail

Track anyone who uses your devices and accesses data. This will help you produce and maintain the data audit trail required by the HIPAA Final Omnibus Rule. Administrative safeguards are also regulated through the HIPAA Security Rule to protect patients’ personal health information. These policies require you to:

  • Identify pertinent information systems
  • Conduct a risk assessment
  • Implement a risk management program
  • Obtain IT systems and services
  • Craft and deploy policies and procedures
  • Develop and execute a sanctions policy

Simplify your healthcare data protection for new data security challenges

Take the right steps to protect your healthcare data with a trusted partner. 

5. Properly dispose of old equipment

Identify obsolete technology that no longer has the capability of keeping your data safe. By getting rid of these systems safely and securely, your organization alleviates any unnecessary added chance of data risk.

6. Implement physical safeguards

Protect and assess hardware used to share and transfer information to make sure that the right people have access to the right areas, including facility access controls, workstation use and security, and device and media controls.

It’s time for healthcare leaders to re-evaluate their HIPAA compliance risks and form smart strategies to securely capture, access and share information. If you’ve taken action on each of the items above, you’re on your way to ensuring only the right people touch your data — ultimately protecting your patients, employees and the bottom line. 

Aline Liu
Aline Liu, Senior Manager, Strategic IMC Planning for Ricoh’s Healthcare business, is responsible for developing content that addresses the challenges Healthcare companies face and provides insights on how to solve them. She brings over 15 years of experience in marketing communications, promoting content and solutions that are important to our customers. 
1 W. Raghupathis & V. Raghupathis, "Big data analytics in healthcare: promise and potential." Health Information and Science Systems,  February 7, 2014.