Healthcare organizations are recognizing the need for heightened cyber defense in the wake of increased ransomware and other malware attacks this year. Becker’s outlines the main points of entry that hackers are likely to exploit, including networks, equipment connected over the Internet of Things (IoT), personal devices, data storage, records disposal, and remote users. That last vector is increasingly important as more patient care shifts to remote-based triage and appointment setting. Below are some recommendations on how your medical call center can improve policies surrounding telephone nurse triage and patient health data to make them more secure.
Physical Security
Start by addressing the onsite components that make up your triage call center’s infrastructure. Servers, computers, and mobile devices should be up to date on the latest firmware, software, and encryption protocols. As of last year, says HIMSS, some hospitals were still relying on Windows 2008, Windows 7, and Windows XP, all of which are no longer supported or updated by the manufacturer and are therefore more vulnerable to security breaches.
Data Security
You also need to think about how others can access and share your triage data safely. There are two aspects to keep in mind:
- Establish strict policies and procedures that keep your networks and data secure from unauthorized users. For example, if you use a virtual private network (VPN), confirm that it’s with a reputable vendor that regularly provides vulnerability testing and patching — otherwise, it could still be exploited by hackers. If your call center relies on cloud-based storage or applications, the hosting data center needs to be certified for SOC 2 and HIPAA, the highest industry standards for both physical- and cyber-based security.
- Ensure that your staff is properly trained to identify risks of data exposure, and that they’re reminded regularly. For example, are they trained not to open emails or click links from sources they don’t recognize? Are they mindful of common phishing tactics? Many organizations are adopting a Zero Trust model, where their systems require verification from everyone, whether inside or outside their network, as the best method to guard against unlawful access. Periodically engage with your IT team on software vulnerability and penetration testing to proactively identify vectors that are potential targets for an attack.
Personnel Security
It’s vital that the triage staff members you hire internally or contract with are not only qualified for their specific roles, but adequately trained on these security measures. Make sure to run the appropriate background checks on all applicants, or verify that your contractors do so for their employees. Establish clear and logical policies and procedures, and reinforce them through the appropriate staff training, periodic testing, and review. When in doubt, coordinate with IT so that you have dedicated specialists available who can monitor your network and address questions and concerns from your team.
Business Continuity and Disaster Recovery
Can your network maintain access to its patient data in the event of an emergency, or retrieve that information if portions of your network fail? What if there’s a fire in your primary server and the backup server goes down? How do you avoid shutdowns during a natural disaster? While such events are rare, a business continuity plan is vital to your organization’s resiliency, and should be tested annually to verify that it works.
How Secure Is Your Nurse Triage?
Do you manage telephone nurse triage in-house, or through a partner triage company? In either case, you need to make sure that your organization or the vendor it’s partnering with has the proper security infrastructure to address all of the above. That’s where we can help. Our nurse triage software and triage call centers utilize a secure, HIPAA-compliant private cloud so that organizing and sharing patient data with your practice — either to your existing system and EMRs, or your doctors’ smartphones via text — complies with all healthcare privacy laws. If you’d like to see how this could benefit your services, let’s talk: 855-887-4243, or https://triagelogic.com/contact-us/.