Hospital IT leaders: Keep private patient data on-site

A key to preventing security breaches at a hospital is having controls in place that allow as little information to leave the system as possible, according to two IT leaders at Medical Center Health System.

Security Officer Brad Dummer and CIO Gary Barnes told the Institute for Health Technology Transformation that the 403-bed hospital in Odessa, Texas, has a virtual infrastructure that keeps information on-site and prevents data from being moved to outside devices.

The accounts of all outside users also expire every six months, they said. For users to regain access to their accounts, they must go through mandatory training.

"This helps assure that nurses and doctors' staff are not job hopping to different clinics and using their old access," Dummer and Barnes said. "It also gives us the opportunity to retrain them with HIPAA awareness."

The hospital also monitors outgoing documents for protected health information, and has implemented a secure email client for mobile devices.

Health IT leaders have touted risk assessment and agility as essential to having a robust system in place to handle the high volume of security threat information.

To monitor for possible security threats at Medical Center Health System, Dummer and Barnes said they have put in place real-time alerts and daily reports to track baseline activity. They also receive weekly Internet traffic reports.

As security of data weighs heavily on healthcare professionals, the National Institute of Standards and Technology has created draft guidelines to help organizations share information on cyberattacks. The black market for medical identity information is thriving, making it more important than ever for healthcare organizations to have the right systems in place to keep patients' data safe.
