On January 2, 2018, news broke that a major security flaw resided in a chip used in most if not all computer processors. This included every device made since 1995 that uses an Intel CPU. In addition, there are many elements of the exposure which have still yet to be revealed to the public. What we do know is that two have become public knowledge through the Google Project Zero security research team: Meltdown and Spectre. Meltdown could be combated with the Windows KB4056892 update, which should be a quick fix. Spectre will be much harder to shield against, with most industry analysts agreeing that a chip restructure will be required. This means that the PC or device you're reading this article on is most probably defenseless against Spectre.
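Since the article points to the KB4056892 update as the Meltdown fix, the first thing an administrator will want is a way to confirm that it is actually installed. The following PowerShell snippet is an added example and is not from the article or from MedAssure; it queries each host in a placeholder list with the built-in Get-HotFix cmdlet and reports which ones still lack the update. KB4056892 is the January 2018 cumulative update for one Windows 10 build; other Windows versions received differently numbered updates, so adjust the KB identifier to match the build you run.

```powershell
# Added example (not from the original article): report whether the Meltdown
# mitigation update named in the article (KB4056892) is present on each host.
# The host names below are hypothetical placeholders; replace them with your own.
$hosts = @('WS-FRONTDESK-01', 'WS-BILLING-02')
$kb    = 'KB4056892'

foreach ($h in $hosts) {
    try {
        # Get-HotFix raises an error when the update is not found; -ErrorAction Stop
        # turns that into a terminating error so the catch block below handles it.
        $fix = Get-HotFix -Id $kb -ComputerName $h -ErrorAction Stop
        [pscustomobject]@{ Host = $h; Patch = $kb; Installed = $true;  InstalledOn = $fix.InstalledOn }
    } catch {
        # Either the update is absent or the host could not be reached; in both
        # cases the machine belongs on the follow-up list.
        [pscustomobject]@{ Host = $h; Patch = $kb; Installed = $false; InstalledOn = $null }
    }
}
```

The output is a simple table of hosts with an Installed column, which can be exported with Export-Csv for a compliance record. Note that the operating-system update addresses Meltdown; as the article says, Spectre also depends on changes at the hardware and firmware level, so a present KB does not by itself mean a machine is fully protected.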
With all of these vulnerabilities, how do we protect our healthcare organizations' EHRs and patient databases?
The first thing to do is make sure you know what to do in case of a data breach or exposure, and sign up for a breach reporting and privacy compliance service. This way you can stay in line with the law if your patients' data is compromised. Each state has different requirements, and the fines vary according to the jurisdiction where your organization resides.
Once a healthcare facility is prepared, it should begin thinking about moving to the cloud. The cloud is a computing model in which data is stored on remote servers. Through the cloud, your data will no longer be localized to one network but will instead be independently secured on remote servers throughout the world. True, there are vulnerabilities at every level, but the chances of exposure are reduced by 99%. When an organization's systems are all linked to one network and there is a data breach, everything is exposed. When using cloud storage, threats to the processors become irrelevant because that's not where the data exists.
What happens if someone gains access to the cloud?
That's bad; it's like someone having access to your online banking. It's for this reason that MedAssure suggests its medical waste clients engage a third party, referred to as a managed security service provider (MSSP) or a cloud access security broker (CASB). It's their job to keep transaction logs and use them to identify suspicious behavior. By hiring a reputable company, you get a 24/7 security guard for your cloud storage software.
The Importance of Maintaining HIPAA Compliance
Healthcare organizations need to become educated quickly on the data protection requirements of HIPAA. Make sure you have access to the material, or get affiliated with a compliance program that clarifies the HIPAA requirements for protecting patient health information. Being on the wrong side of HIPAA compliance can mean hefty fines of up to $475,000.
On January 8, 2018, toy maker VTech reached a $650,000 settlement over child privacy rule violations. The company failed to obtain parental consent before collecting and using the information of hundreds of thousands of children. The law VTech violated was the Children's Online Privacy Protection Act of 1998 (COPPA). HIPAA requirements work on the same principle: if a subject's personal information is exposed, it is the responsibility of the holder to have made sure it was secured. Failing to comply will result in fines that could paralyze an organization's finances. Even if the court rules in your favor, the expense of legal fees and other headaches could ruin operations.
In conclusion, we here at MedAssure are not here to scare you or to tell you what to do. We want you to understand that when you play host to PHI, it is a dangerous asset. In the upcoming months, make sure there is a plan in place for how to respond and, more importantly, how to protect. We hope you keep data safe and secure your systems properly so your facility can run safely and efficiently. The cloud may or may not be for you, but ask an acquaintance or a professional how to best position yourself should a data breach occur.