
Bowtie Confidential: The Internal Security Threat 6/30/12

June 30, 2012

Despite the potential impact of negative publicity, penalties, fines, and lawsuits, healthcare organizations continue to breach patient information. The threat to privacy and security is not only external; it is also internal, coming from employees, temporary staff, and third parties.

Technology can be a culprit (it is easier to access and transfer data online), but it can also be part of a solution. Although it is impossible to prevent all insider attacks, you can leverage technology to minimize the risk.

Culture is also a culprit. Look at Facebook – people are becoming comfortable putting personal information online. There is a cultural “loosening” of privacy boundaries, which can affect an organization’s culture and therefore its security.

The following action steps should be part of your plan for reducing internal security threats:

  • Cultivate a leadership culture of respect for individual privacy regarding access to information
  • Include the “insider threat” plan in the organizational strategic plan
  • Create and assign the role of a chief information security / privacy officer
  • Develop enhanced human resource screening processes and interview techniques to seek out potential insider threats
  • Develop ongoing and consistent HIPAA (security and privacy) training and awareness programs that extend beyond orientation
  • Implement appropriate data and application access monitoring software
  • Establish clear policies and procedures to address identity, access management and overall data protection
  • Develop and implement a system and data access monitoring process that includes summary dashboard reports to leadership
  • Implement and schedule risk assessment audits

Internal threats are just as dangerous as external threats – or more so. By creating and implementing a specific strategy to reduce and address insider threats, healthcare organizations can better manage their risk. Everyone is accountable for privacy and security. However, the message has to come from the top, with policies, procedures, and monitoring to reinforce it.

Rob Drewniak is vice president, strategic and advisory services, for Hayes Management Consulting.
