Six essential components of a strong security program to protect electronic patient data in a healthcare practice

1. PRACTICAL APPROACH TO PATIENT
DATA SECURITY
(a quick primer)
Sameer Sule
Healthcare Technology Consultant
KINARA | INSIGHTS
creating value through technology

2. ePHI: Security Rule Compliance


Don’t assume that if the technology is
compliant, the organization is also compliant.
Compliance is achieved by a combination of:






2/24/2014
Technology
Policies and Procedures
Documentation
Employee Training
Strict enforcement and sanctions
Regular review and updating
www.kinarainsights.com
2

3. The Big Picture
2/24/2014
www.kinarainsights.com
3

4. Six Essential Components

Risk Analysis



Identify threats & vulnerabilities to ePHI
Implement measures to mitigate threats
Systems and Network Management


Monitor computer systems and network
Proactively detect potential security and
maintenance issues
2/24/2014
www.kinarainsights.com
4

5. Six Essential Components

Contingency Planning




Data backup plan
Disaster recovery plan
Emergency mode of operations plan
Mobile Device Management


Protect ePHI on laptops, smartphones, tablets,
USB sticks etc
Enable encryption, device tracking, remote
data wipeout
2/24/2014
www.kinarainsights.com
5

6. Six Essential Components

Policies, Procedures & Training




Develop clear written policies & procedures
Conduct regular data security training for staff
Enforce policies
Periodic Testing & Revision


Review security plan regularly
Update plan as needed to accommodate
changes in technology, people/processes
2/24/2014
www.kinarainsights.com
6

7. A practical approach to data security

Don’t do everything all at once

Take a step-wise approach

Start with a comprehensive risk analysis

Build a strong foundation
2/24/2014
www.kinarainsights.com
7

8. Data security and compliance

Requires planning
Needs to be meticulous
Takes coordination between people in
different departments
Requires an investment of time

Is on-going



2/24/2014
www.kinarainsights.com
8

9. Implementation

Do it yourself or get outside help

Customize policies to your organization

Implement reasonable and appropriate
security measures for your organization
2/24/2014
www.kinarainsights.com
9

10. THANK YOU
CONTACT
Sameer Sule
Healthcare Technology Consultant
Author: “Protecting Electronic Health Information: A Practical Approach
to Patient Data Security in Your Healthcare Practice”
Amazon: http://www.amazon.com/author/sameersule
Blog: http://www.kinarainsights.com/blog.html
Linkedin: http://www.linkedin.com/pub/sameer-sule/7/b1b/511
Twitter:@sameersule
2/24/2014
www.kinarainsights.com
10