MFT Nation routinely reports on the world of cybersecurity, but October is special for bTrade because it is National Cybersecurity Awareness Month. As part of its cybersecurity awareness efforts, MFT Nation wants to share information from a data breach report released by specialty insurer, Beazley Insurance Company, related specifically to the US healthcare sector. Beazley’s report examines the major causes of data breaches reported by healthcare insureds in the first nine months of 2017.
The good news, at least from the perspective of a data security software company like bTrade, is that the cause of most breach incidents is “human error.” Beazley found these incidents typically involve an employee viewing patient records without a work-related reason to do so—e.g., looking at a celebrity patient’s record or the record of an ex-spouse or neighbor—and that these “employee snooping” incidents are often discovered by “audits run on the electronic medical records system.”
The Beazley report correctly notes that “increased employee vigilance and auditing will help organizations identify such behavior early on, reducing the number of affected patients and hopefully lessening the likelihood of regulatory inquiry.” And as a reminder, bTrade’s TDXchange software powers electronic medical records systems and has robust “audit” capabilities, including the ability to view all activity conducted within the system and generate a number of reports based on your defined criteria.
The second most frequent reported cause of healthcare data breaches is “hack or malware.” The Beazley report correctly notes that encryption is one of the best preventatives for hack or malware. As a reminder, bTrade software has the encryption strength required by the US federal government.
One final note about the Beazley report. The authors surveyed enforcement actions brought by the leading federal government agency responsible for HIPAA oversight and enforcement and offered this observation which may be of interest to our MFT Nation readers:
“But with the increase in OCR’s resolution agreements, a trend of OCR’s hot button issues has emerged. Organizations should review previous resolution agreements (all of which are available on OCR’s website) and familiarize themselves with what OCR considers to be best practices, such as: device encryption; workforce education and training; updating of policies and procedures; the elimination of old data; security risk assessments; risk mitigation plans; vendor management and using the minimum amount of PHI.”
To learn more about how bTrade can help you secure ALL aspects of your critical data, please contact us at email@example.com.