IAPSC Member Jim Kelton, CISA, CRISC, CGEIT was a knowledge area resource for the following article by Aine Cryts in Physicians Practice entitled "Three Steps to Preventing Data Breaches in Your Practice".
"Every few weeks, there’s a headline about a healthcare organization that’s been victimized by a hacker or a disgruntled employee. What is your practice doing to protect its data against theft? It can be a balancing act for physician practices that want to provide access to patient information in the EHR and elsewhere, while preventing data breaches. Here are a few steps that can help practices avoid those unfortunate headlines:
Know where your data is
First, you have to know where your data is, said Jim Kelton, managing principal at Costa Mesa, Calif.-based Altius Information Technologies. If you don’t know where your data is transmitted or where it’s stored, you can’t provide the layers of protection that are needed.
"You have to know where [your data is] transmitted and where it’s stored," he said. Part of this exercise includes determining the practice’s EHR and other clinical information systems—and whether that software is hosted on the cloud. It can also be as mundane as making sure that printed e-mails from patients aren’t sitting around the office.
"There are 18 forms of protected health information; even an e-mail address can identify someone and needs to be protected," he said...