With data breach reports sustaining to top headlines, hospitals and other healthcare agencies are entering into their data security attempts. IT staff are working diligently to make sure the EHR systems, accounting systems, and other patient-related software systems are protective.
Meanwhile, with the concentration significantly on patient data, one-off areas such as credentialing and enrollment are being overlooked, and that is putting contributors—and their identifiable data—at risk.
It is obvious that more attention requires to be paid to securing providers’ data. Perhaps it seems a little counterintuitive—after all, if hackers are going to spend their time going after data, it would seem that, on a numbers basis, they would go after the data of millions of sufferers versus a few hundred or a thousand contributors.
Although, as patient data becomes more secure, over time, hackers will be seeking for other low-hanging fruit and offer data will become more persuasive because it will need less attempt to obtain. Moreover, from an identity perspective, doctors are high-value targets because they are more likely to have greater credit ratings.
So while hackers will not acquire as huge of a payday in terms of the sheer volume of data, there is still value in contributor information, specifically if going after a contributor needs primarily less attempt. This is why healthcare agencies require looking beyond merely securing sufferer data and start involving contributor data in their security policies.
The threat of hacking grows when an agency has several systems storing data pertaining to contributors. Because most large health systems employ thousands of contributors, it is convenient to see how depending on one-off files from office productivity applications, such as Word and Excel, to handle credentialing and enrollment can expose an agency to risk, because control over these documents is immensely difficult at best. And with no controls in place, it is not possible to keep a worker from taking a file with contributors’ information, like Social Security numbers, key demographic information, and more. Mobile devices, like laptops also are at danger for containing contributor data.
When data sits unprotected on an individual or network computer, it is also more susceptible to hackers. From an external hacker scenario, it is simply a numbers game before unprotected data is compromised. It merely takes 1 worker to open an attachment that is carefully designed to enable outside approach to unprotected files stored either on a network or the worker’s individual computer.
Another place in which security, and control, is overlooked is when provider data is electronically shared with payers and policies. Most agencies lack a secure bridge to transfer data between a health system and policy. As a result, contributors are at threat when their data is shared in an unsecure manner, like by email.
It is time healthcare agencies add contributors to their data security attempts. A significant 1st step is moving provider data off of one-off files and onto a secure comprehensive contributor data system. With a single place to store and approach contributor enrollment data, it is primarily convenient to maintain control over data.
Here are few simple steps that an agency can take to better protect provider’s data:
- Make certain policies and processes are being followed when it comes to contributor data. Agencies without policies in place for storing, accessing and sharing contributor data must establish them instantly.
- Consider switching to comprehensive contributor enrollment software. For agencies that already have a contributor enrollment system, make certain that the system encrypts contributor data, both when it is transferred and when it is at rest.
- Make certain all transmission of contributor data is secure. This may mean utilizing a secure portal instead of email to transmit data to policies.
Provider agencies already spend considerable sums pursuing contributors and keeping them happy. As such, it is significant to consider the affect of a breach of contributor data. Having a secure system in place to secure contributor data will not be a recruitment incentive nor will it be a competitive differentiator, it is hoped. Regardless of the industry, when a worker offers their personal data to an employer, they hope that data to be safe. Regrettably, when it comes to contributor data that is rarely the case.
Credentialing and contributor enrollment processes need providers to share key amounts of personal and professional information. Putting processes and methods in place to safeguard this data and getting contributors properly enrolled up front will help ignore problems later.
No comments:
Post a Comment