Cybersecurity in Nurse Triage and Telehealth
The consensus within the healthcare sector is that most organizations do not have adequate cybersecurity. But improving it doesn’t have to be difficult, and it is well worth your time to safeguard the health and data of your patients, your finances, and your reputation. Read on to learn about cybersecurity best practices, the basic steps your organization can take, and more.
Best Practices
Here are the main areas we recommend focusing on first, with an emphasis on physical safeguards and data security.
Article: Cybersecurity Best Practices for Healthcare, Telehealth, and Nurse Triage
Article: Physical Safeguards Your Cybersecurity Needs to Protect Patient Data in Telehealth
Video: Cybersecurity Best Practices for Healthcare, Telehealth, and Nurse Triage
Cybersecurity Basics
While geared toward small businesses, this ebook and quiz from the FTC outlines the basic essentials of cyber resilience that all healthcare organizations would do well to adopt.
Ebook: Cybersecurity Basics
Quiz: Cybersecurity
Medical Call Centers
Learn how your medical call center can improve policies surrounding telephone nurse triage and patient health data to make them more secure.
Article: Cybersecurity: How to Safeguard Your Medical Call Center
Learning Center: Cybersecurity Best Practices for Healthcare, Telehealth, and Nurse Triage
Vulnerabilities
Becker’s Health IT discusses the main points of entry that hackers use to exploit healthcare networks.
Article: 6 vulnerability points hackers target in hospital cyberattacks
TriageLogic’s Cybersecurity
Employees and Users
TriageLogic has a formal HIPAA Security and Compliance training program. All employees are required to complete it and pass an exam to demonstrate their knowledge. We also perform an annual detailed HIPAA Risk Assessment, based on concepts and processes described in NIST Special Publication (SP) 800-30 Revision 1.
Data Centers
TriageLogic’s call center software platform is hosted in enterprise-class data centers. All systems are fully redundant across two data centers, one in Tampa and one in Atlanta. Both are SSAE-16 SOC1 and SOC2 certified, as well as HIPAA and PCI compliant. They’re also backed up regularly and patched quarterly.
Network
Networks in both data centers are protected by managed Juniper/Cisco firewalls. Network traffic is encrypted with SSL. The network and servers are also monitored by a Security Information and Event Management (SIEM) platform and Intrusion Detection System (IDS), operating 24/7 in the Security Operations Center (SOC).
Applications and Data
TriageLogic captures the least amount of ePHI required to provide effective triage information to patients and their providers. Data is encrypted during transit and at rest. Patient data is only stored on database servers and never on workstations or mobile devices. Multi-factor authentication (MFA) is required in order to access the data and applications in the software platform. If a provider requests that TriageLogic send patient information to them, it will only be provided over a secure connection. The applications are regularly scanned for vulnerabilities and misconfigurations, and they undergo automated penetration testing.
End User Requirements
TriageLogic software requires a fast internet connection and is built and tested using up-to-date Chrome and Edge Chromium browsers.