Acts ranging from data theft to ransomware cost the healthcare industry an average of more than $9.2 million per breach, according to data from IBM. Healthcare startups and healthcare organizations that use protected health information should recognize that they are potential targets for cybersecurity attacks and data breaches and plan accordingly. Health IT provider Ventech Solutions published a white paper designed to provide guidance to health technology startups and healthcare organizations on the steps they can take to secure their healthcare data infrastructure to support technology development and reduce the cybersecurity threat to their business.
Ventech Solutions has developed a suite of tools designed to support healthcare organizations. Its cloud solution helps customers satisfy regulatory requirements, follow best practices, and maintain compliance, as applicable, with the Health Insurance Portability and Accountability Act (HIPAA), the Federal Information Security Management Act (FISMA), HITRUST certification, and National Institute of Standards and Technology (NIST) guidelines.
The report highlights the importance of achieving measurable compliance with required and effective security practices and guidelines to help manage the security risks associated with health data and ensure that businesses can safely focus on their core activities in a cost-effective and value-focused manner.
“Businesses that store and use an individual’s most sensitive data, Protected Health Information (PHI) and Personally Identifiable Information (PII), have a critical responsibility as controllers of that data to ensure that they protect people’s rights and privacy,” according to the report. “HIPAA-compliant security programs must address the integrity of the IT systems infrastructure, including access control and monitoring procedures, as well as technical elements supporting the prevention, detection and remediation of problems.”
Healthcare companies must integrate their development, security and operations with environmental protection, the report advises. PHI and PII privacy laws and regulations and security guidelines for specialized data should be part of the organization’s culture.
The report also advises companies to consider what markets (businesses, individuals, locales and jurisdictions) they will operate in. Depending on the jurisdiction, its rules may follow the individual, such as a European citizen whose data is held in a US jurisdiction. Healthcare companies need to know the rules, regulations and laws that apply to their business, the report said.
As for the company’s system infrastructure, the report recommends implementing standards at every level, including development, testing and manufacturing.
“Consistent imaging, the use of the same services and commercial products, and the same architectures by each developer reduces risks, whether the IT product is product or developed software.”
For more information on best practices for maintaining a secure health data environment, see the white paper, Protecting and working with health data environments.