Posts Tagged: Data security

Secure Data Storage for Archived Medical Records

Does your organization have a secure data storage solution for archived medical records? If you’re still using legacy systems or on-site servers, then your data could be at risk. Based on your state’s medical record retention policies, you must keep patient files to remain in compliance. The problem is that most organizations don’t have a strategy or a comprehensive platform that enables this in an affordable, accessible manner. 

Here’s what you need to know about secure data storage for archived medical records.

Legacy Systems Aren’t Efficient and Can Be Risky

In many cases, healthcare providers and pharmacies leave legacy systems up as their solution for archived storage. Doing so can be inefficient, costly, and risky. When you need to find records, a legacy system typically doesn’t allow for easy searching. You could spend hours compiling records. Further, if it’s only accessible in one location, it’s one more obstacle. 

You’re also paying a monthly fee to keep it live, which can be expensive. Finally, the system could be a prime target for a cyberattack because it’s no longer receiving patch updates. Cyber actors are always looking for easy ways to steal PHI (protected healthcare information) or hold it for ransom. To prevent a breach, you need a secure data storage solution.

On-Site Servers Have Limitations

If you’re not using a legacy system, your IT team may have moved old records to an on-site server. This approach has limitations. It’s only accessible from that location, versus a cloud solution, which you can log into from anywhere. On-site servers are also easier to hack than clouds. Finally, what happens if you lose power or have another disaster? Those records are gone without redundancy. 

The Better Solution for Secure Data Storage

If you want to ensure secure data storage, then you need a robust archiving platform that’s cloud-based. With such a solution, you’ll be compliant, enable easy access, reduce costs, and always have a backup. 

When looking for an archiving system, be sure it has these features:

  • Intuitive, easy-to-use interface.
  • Web-based.
  • HIPAA and HITRUST compliant.
  • Filtering and searching capabilities.
  • Audit print-ready reporting.
  • Encryption for data at rest and in motion.
  • Multiple location options.
  • Different user permissions.
  • Ability to archive documents, files, and images.

Better Security, Efficiency, and More

If your archived medical records plan is falling short, it’s time to rethink how you store records. ViewMaster, our archiving product, has all these features and more. See why so many healthcare organizations choose it for archiving! 

Security Must-Haves for Your Healthcare Data Management Provider: Key Questions to Ask

Healthcare organizations always have to be vigilant about data security. In fact, most approach it with a security-first mindset, internally. You should extend that same perspective to all your business partners, especially your healthcare data management provider. You need to have the utmost confidence in their security measures. Here’s how you can accurately assess them.

Assessing a Healthcare Data Management Provider

When seeking out a healthcare data management provider, there are specific security questions you should ask. Performing this due diligence should satisfy any concerns over compliance and safety protocols. 

Critical Questions to Ask:

  • Have you ever had a PHI (protected healthcare information) breach?
  • Do you use HIPAA business associate agreements (BAA)?
  • How are your processes HIPAA compliant?
  • What encryption do you use? Is data encrypted in transit, at rest, or both?
  • Do your employees complete annual HIPAA compliance training?
  • Does the provider use a data colocation provider with certifications? Does the data center have physical security 24/7?

What Are the “Right” Answers?

  • PHI data breaches: Of course, you want this to be a no. However, should a provider have a breach in its history, you should ask for all applicable information regarding notifications, fines, and corrective measures.
  • HIPAA BAA: These are mandatory when you share PHI. Before beginning any work, a vendor should provide this. It’s a big red flag if they don’t!
  • HIPAA compliant processes and data security: The vendor should have rigorous and detailed security protocols relating to encryption, cybersecurity, data centers, adherence to HITRUST, two-factor authentication, and business continuity.
  • Encryption: PHI should be encrypted during transit and at rest using 256-bit standards.
  • HIPAA training: Every employee in a healthcare data management company should have annual training and certify their understanding of HIPAA through a scored test. 
  • Data center details: Providers should use a top-tier colocation center that has a long list of certifications. The data center should be HIPAA and HITRUST compliant. Additionally, such an entity should have SOC 1, 2, & 3 Type 2 certifications. Finally, the location should have 24/7 physical security.

As you compare providers, create a matrix to check off their answers to these questions. Then you can accurately evaluate them. It should be a crucial part of your screening process. 

Dedicated to Security

We are proud to say we’ve never experienced a data breach in our over two decades of business. Pharmacies and healthcare organizations trust us with their PHI every day, and we have strong, consistent protocols in place. We also use one of the most reputable colocation companies, Flexential.

Tips for Working from Home Securely

In the field of healthcare, keeping protected healthcare information (PHI) secure and private is necessary for compliance. HIPAA has specific rules about how PHI can be stored and shared. As the world deals with a changing workforce dynamic, you may be wondering what working from home securely looks like. As a company that began as completely remote and still has the majority of its workforce in this model, we wanted to share how we work securely every day.

How to Master Working from Home Securely

Follow these tips to ensure safe and secure data practices.

Educate employees on HIPAA rules

All your employees should participate in HIPAA training at the beginning of their employment with an update at least annually. What do your employees need to know? Check out our HIPAA compliance checklist for employees.

Provide VPN access

Deploying a VPN keeps data secure as it moves from core systems to remote employees. A VPN adds another layer of security: it hides the user’s IP address, encrypts data while in transit, and masks the user’s location. Every remote employee who has access to PHI should be using a VPN.

Keep data security protection up to date

All the layers of security on your network must be updated as needed to ensure patch installation. This includes virus checkers, firewalls, and device encryption. 

Define rules on passwords

The 2019 Verizon Data Breach Investigation Report (DBIR) found that 80% of hacking-related breaches were the result of compromised and weak employee passwords. To mitigate this risk, you should develop password guidelines. Further, you should use a password manager to act as a digital vault, such as 1Password. You can also promote greater security with two-factor authentication.

Maintain software updates

Every piece of software or application that your company uses that interacts with PHI should be kept updated. Activate automatic updating on devices to ensure nothing gets missed. These updates are imperative to ensuring your software is safe to use.

Use the cloud

The cloud has proven to be a much more secure way to store, share, and manage data. If you are still using on-site servers, they are actually more vulnerable. We partner with Flexential as our trusted data center. They host all our servers and are a top-tier, national colocation provider. Their certifications include PCI DSS, HIPAA compliance, HITRUST CSF, SOC 1, 2 & 3 Type 2, ISO 27001, NIST 800-53, EU-U.S. privacy shield framework, and ITAR.

Develop and maintain your business continuity plan

Having a business continuity plan is a must for any healthcare organization. Beyond just including the steps for disaster recovery, business continuity planning defines how you’ll keep running. It should consist of your data backup protocols and what you’ll do to keep workers and assets protected. 

Working from Home Securely: Keep Your Business Safe and Up

As the new normal begins to shift, working from home is essential to keep your employees safe and your business running. If you haven’t established a plan for this, start with these vital tips.