Health data privacy and security through health information exchange (HIE) can be improved with multi-factor authentication, data encryption, and extensive employee training, according to recent tips from DirectTrust.
Healthcare cybersecurity measures are essential for organizations of all sizes, and recent large-scale health data breaches suggest that health data privacy and security issues are not going to go away anytime soon. That is why healthcare organizations cannot neglect their breach prevention measures, according to DirectTrust, and must ensure that they are properly utilizing the latest security options.
"Ironically, the push to make healthcare information systems more interoperable, and the rush into mobile and wearable healthcare applications may be increasing the vulnerability of health information to hacking events," DirectTrust President and CEO David C. Kibbe, MD, MBA said in a statement. "Fortunately, there are a number of things that can be done to improve security and better protect the privacy of healthcare information transferred by and stored in the health information technology (HIT) systems used by healthcare providers across the spectrum."
As previously mentioned, utilizing multi-factor authentication, data encryption methods, and proper employee training are all critical to improving health data privacy and security through HIE use, according to DirectTrust.
Multi-factor authentication “is the single most important step healthcare IT professionals and their organizations can take to decrease the threat of the hackers gaining access to sensitive health information,” DirectTrust stated. Not only does this option replace the single ID and password, which is often quite “hackable,” but it also provides stronger and more secure ways to authorize users.
For data encryption, DirectTrust explained that this should be utilized for both data at rest and data in transit.
“Data encrypted at rest does not guarantee it remains encrypted as it traverses a network. Both types of encryption are necessary to prevent hackers from accessing ‘over the wire’ encrypted content that fails to remain encrypted once it's reached its destination,” the statement read. “Using both types of encryption safeguards must occur in tandem; they are not automatic.”
Strong security is more about the people than the technology, DirectTrust explained, which is why training is so critical. Users must be consistently trained on health data security policies and practices. Vigilance is important because “employees who don't know how hackers and their schemes work are the ones most likely to be taken in by a hack.”
Instituting those three actions will go a long way toward improving health data privacy and security, according to Dr. Kibbe.
"Electronic health information exchange provides healthcare providers with numerous benefits, primarily due to the increased efficiencies it affords,” he said. “To avoid the risks - and potential hardship to users - healthcare providers need to become as familiar with standard security improvements and privacy protections as their counterparts in other industries have.”