Don't Compromise on Security

Don’t Compromise on Security

Letter from the Medical Director – Dr. Ravi Raheja

The average cost of a data breach in the United States has hit an all-time high of $7.35 million. Just this year, there have been more than 100 hacker attacks on healthcare organizations, according to the U.S. Department of Health and Human Services. Despite better awareness among healthcare organizations, data breach costs average $408 per record. Cybercriminals use weaponized ransomware, misconfigured cloud storage buckets and phishing emails to attack.

Hidden costs in data breaches are difficult and expensive to manage resulting in customer turnover, reputation damage and increased operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.

While looking for cost saving solutions is important for any business, it is critical to make sure your vendor partners also meet the same stringent criteria. This extends to your outsourced, after-hours services as well. Not doing the properdue diligence, can lead to a significant risk in terms of data loss and security.

Here are a few critical questions you should ask your partners in healthcare:
1. Do you have a Chief Information Officer who oversees the security program?
2. Do you have a formal security compliance program in place with yearly audits?
3. Is the vendor URAC accredited so there is a third party auditing the triage call center?
4. What is their data breach policy insurance policy limits?
5. Is the data center infrastructure set up to maximize data protection along with regular scanning of the software and servers?
6. Does the vendor have an intrusion detection system to alert potential threats?
7. Does the vendor have adequate IT resources to monitor all systems and to respond quickly to any potential threats?
8. Do the products meet HIPAA, HITECH, and other security requirements?
9. Do the security reports meet all auditing and HIPAA reporting needs?
10. Do you have a formal HIPAA training program for all staff members?
11. Does the data center where the data is being stored have proper security certifications?
12. Is the patient data secured at all times and in all modules of the product (e.g., strong password protection or other user authentication, data encrypted at rest, data encrypted in motion)?
13. Is the patient’s data secured when accessed via handheld devices (e.g., secured through SSL web sites, iPhone apps, etc).

If the answer is no to any of the questions above, then it may be an indication that you should look deeper and compare vendors before selecting one that will protect your patient data properly.

For more information, please contact us.