Data Privacy and IT Security Now Have Priority Status on Healthcare Management Agendas

In a recent US survey of cyber security leaders 94% of the respondents cited compliance with data privacy as a top priority for their organization and is now a key item on their senior management corporate agenda’s.

In particular, data privacy is a crucial area in the healthcare sector as providers store large volumes of patient Personally Identifiable Information (PII) and Protected Health Information (PHI). In addition, with a significant number of employees working remotely and many healthcare providers adopting a tele-health based strategy (as a result of the pandemic), cyber criminals have more opportunities to identify and exploit potential system weak spots.

In parallel with data protection, more than 50% of the survey respondents highlighted concerns in regard to keeping up with ever-changing data privacy regulations, and most listed data breaches and internal or third-party misuse of data as a top concern when it comes to enabling a cyber-secure workplace.

In the first half of 2021, the Office for Civil Rights (OCR) has levied Health Insurance Portability and Accountability Act (HIPAA) data violation fines to healthcare organizations exceeding $5.5 million. While the financial aspect cannot be ignored, healthcare data breaches can have a more important impact as they can cause EHR downtime leading to potentially life threatening delays in patient care.

In the healthcare sector it is important for IT leaders to stay aware of not only the latest HIPAA guidelines but also any applicable regional data compliance regulations, such as the California Consumer Privacy Act (CCPA) and adopt a zero-trust approach to data access.

IT leaders in healthcare organizations often have to contend with a particularly challenging multi-site environment, supporting different medical departments with a wide variety of 3rd party technology (both hardware and software), and a large number of medical and administrative staff requiring access to patient data.

Craig Hospital, a world-renowned rehabilitation hospital has however managed to secure their patient data, whilst enabling medical staff to stay focussed on patient care.