Data security and HIPAA guidelines: A delicate balance

By John DeGaspari

How can healthcare organizations reassure patients that their personal data is secure, while also satisfying their demands for quick and easy access to their own data? In a recent interview, Chris White, head of commercial data protection services at Booz Allen, offered tips to healthcare providers trying to balance health data security with HIPAA requirements.

White says in the HealthITSecurity interview that maintaining data security is absolutely critical at the patient, doctor and provider organization levels. Each has to take a focused approach. That involves understanding what data is most important and putting a risk evaluation behind that to prioritize protecting different types of data. Providing encryption across the data life cycle is important, too.

Nonetheless, providers have to realize that a breach is inevitable, and it's crucial to understand what's going on with data inside the network.

White says HIPAA needs to change with regard to the level of accountability for organizations from a regulatory standpoint, and how much investment they need to make in structuring the appropriate data protection program.

Public healthcare agencies are not immune to data security issues. On April 21, the Texas Department of Aging and Disability Services inadvertently made Medicaid patients' information available online. The breach impacted about 6,600 people.

Against those existing risks, technology continues to move forward, White said, noting that the proliferation of mobile devices is adding another layer of risk for potential cyberattacks.
