Five Security Tips Every Healthcare Provider Should Know

Houston Medical Times June 2015

Adam C. Solander, a Member of the Firm, and Evan J. Nagler, Associate, in the Health Care and Life Sciences practice, in the firm’s Washington, DC, office, authored an article in Houston Medical Times, titled “Five Security Tips Every Healthcare Provider Should Know.”

Following is an excerpt (see below for a PDF of the full version):

Data security is more important than ever. Network attacks are on the rise, and nobody wants to be the next big headline because of a data breach. The consequences of a breach are significant: reputational harm, lawsuits, government enforcement actions, and costly remediation efforts. Providers should understand their risks so they can take appropriate steps to protect themselves. To that end, here are five of the most important actions for healthcare providers can take to prevent and mitigate the effects of a data breach. …

In addition to a risk analysis, HIPAA requires that organizations implement physical, technical, and administrative safeguards to reduce risk to a reasonable and appropriate level. Thus, organizations must conduct technical testing as part of the risk assessment process. Generally, organizations should conduct regular vulnerability scans to determine whether their software is up-to-date and their configurations are appropriate. Additionally, penetration testing, should be conducted at least yearly to determine whether the provider’s environment is vulnerable to external attack. These tests will provide useful feedback which can be used by your internal IT security and compliance teams to implement appropriate technical safeguards to protect PHI.