Defend against the data breach in 2018.
Here are a few suggestions from the Healthcare Security Data Checklist:
- Information security. The organizations you work with should have strong information security programs, ideally aligned with the ISO/IEC 27001:2013 standard. This standard spells out how an organization can establish, implement, maintain, and improve its information security system. It also includes tools to assess and address organization-specific risks. Be certain this framework takes other regulatory requirements into account, including those spelled out under the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Personal Information Protection and Electronic Documents Act (PIPEDA).
- Expanded SOC 2 audits. The SOC 2 audit process gives you some peace of mind that client data is being safeguarded properly. For added assurance, request that the SOC 2 report be customized to include HITRUST CSF criteria; the CSF is used to measure and certify an organization's security management program. This can help confirm that organizations are meeting these criteria, which some now refer to as the gold standard for healthcare information security.
- Logical user access control/management. Cut down on the potential for internal security breaches by putting logical access control/management in place for your business partners. Make sure access to systems storing confidential or private information is granted on a least-privilege basis: staff members should only have access to the information they need to do their jobs.
- Change management. A formal enterprise change management process keeps problems from slipping through the cracks. Changes should be recorded and communicated, with back-out plans documented; each change should then be tracked, tested with appropriate documentation, reviewed, approved, and implemented.
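The logical access control item above is the one on this list that maps directly onto code. The following is an added illustration, not part of the checklist or of RRD's material: a deny-by-default, role-based access check for systems holding patient or client data, plus an entitlement-review helper that reports permissions a user holds beyond what their job needs. The role names, resources, sample users and the function names are all assumptions made for the example.

```python
"""Least-privilege access check with deny-by-default semantics.

Added example; roles, resources and users below are constructed sample
data, not drawn from any real system.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Role -> permissions explicitly granted. Anything not listed is denied,
# and an unknown role grants nothing at all. Constructed sample policy.
POLICY: Dict[str, FrozenSet[Permission]] = {
    "billing_clerk": frozenset({("claims", "read"), ("claims", "write")}),
    "nurse": frozenset({("patient_chart", "read"), ("patient_chart", "write")}),
    "auditor": frozenset({
        ("claims", "read"),
        ("patient_chart", "read"),
        ("access_log", "read"),
    }),
}


@dataclass
class User:
    name: str
    roles: List[str] = field(default_factory=list)


# Every access decision, allowed or denied, is recorded here so that
# denials can be reviewed as a signal of misconfiguration or misuse.
ACCESS_LOG: List[dict] = []


def can_access(user: User, resource: str, action: str) -> bool:
    """Return True only if one of the user's roles explicitly grants
    (resource, action). There is no implicit allow."""
    wanted: Permission = (resource, action)
    granted = any(wanted in POLICY.get(role, frozenset()) for role in user.roles)
    ACCESS_LOG.append({
        "user": user.name,
        "resource": resource,
        "action": action,
        "allowed": granted,
    })
    return granted


def effective_permissions(user: User) -> FrozenSet[Permission]:
    """Union of everything the user's roles grant."""
    perms: set = set()
    for role in user.roles:
        perms |= POLICY.get(role, frozenset())
    return frozenset(perms)


def excess_permissions(user: User, needed: FrozenSet[Permission]) -> FrozenSet[Permission]:
    """Entitlement review: permissions held beyond what the job requires.
    A non-empty result means the user's role assignment should be trimmed."""
    return effective_permissions(user) - needed


def denied_attempts(log: List[dict]) -> List[dict]:
    """Pull the denied decisions out of the access log for review."""
    return [entry for entry in log if not entry["allowed"]]


if __name__ == "__main__":
    clerk = User("dana", ["billing_clerk"])
    print(can_access(clerk, "claims", "write"))         # True
    print(can_access(clerk, "patient_chart", "read"))   # False: not granted
    # A nurse who was also given the auditor role holds more than the job needs.
    nurse = User("pat", ["nurse", "auditor"])
    needed = frozenset({("patient_chart", "read"), ("patient_chart", "write")})
    print(sorted(excess_permissions(nurse, needed)))
    print(denied_attempts(ACCESS_LOG))
```

The two pieces reinforce each other: `can_access` enforces least privilege at request time, while `excess_permissions` is the periodic check that catches role assignments that drifted beyond the job over time, which is where internal breaches often start.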
Read the full story at RRD, a post by RRD's Mark Matheis, regional privacy manager, U.S., and Rosario Sosa, senior director, IT Governance.