'IT TAKES A THIEF'

Ty Faulkner, Director of Business Development, QIP Solutions (HIPAA HITECH EXPRESS)
903
1528
303
Ty Faulkner, Director of Business Development, QIP Solutions (HIPAA HITECH EXPRESS)

Ty Faulkner, Director of Business Development, QIP Solutions (HIPAA HITECH EXPRESS)

Unfortunately, we live in a nefarious world when it comes to cyber attacks, hackers, malicious malware threats, and loss or theft of personal data due to computer breaches. Look at the recent announcement of a major breach at Anthem Health that potentially could impact 80 million records. Let’s face it, its time catch a thief! We must engage now to protect further loss of Protected Health Information (PHI) and organizations who aren’t do so must realize that “doing nothing” is not an option; nor was it ever an option.

So What can Organizations do to Secure Critical PHI?

Here’s what I told a group of healthcare executives recently at a major conference on this topic of securing PHI. I discussed that to protect personal health information we must think like a thief; so I’ll using analogies from a childhood TV show series that I often watched called “It Takes a Thief.” ™

The show was about a convicted cat burglar Robert Wagner known in the show as Alexander Mundy who gets an incredible offer he can't refuse from the United States government: If he puts his formidable thieving skills to work for them and steal for the government, then he'll be released from prison. Also Alexander's dad, Alistair played by the famous Fred Astaire would sometimes come out of retirement as a thief to help his son too on special jobs as well. So let’s have some fun and once again, I’ll use the TV Show series as a comparison to explain 3 basic steps organizations can do to catch a thief or prevent thievery of PHI.

Step One: Assess and Protect PHI

In the TV Show, “It Takes a Thief” valuable items the thieves took were worth thousands of dollars. So just like the TV show healthcare data has a priceless value that thieves want to steal and even more importantly PHI is life giving data. Organizations may need to start thinking like the TV series actor Mr. Mundy and think like a thief to protect valuable PHI and catch a PHI thief.

Protecting PHI involves thinking about how a thief could break policy or procedures in three key areas: Technical safeguards, Administrative safeguards, and Physical safeguards. I’ll discuss each safeguard below to illustrate a way to stop a PHI thief.

(1) Deploy technical safeguards like encryption, access controls, and monitor the organization’s network IP traffic.

(2) Vigorously train and sanction administrative safeguard policy violations. For example, set up and train online pass­words, electronic con­sent rights policies, and procedures for system

Business Associates (BAs) who aren’t regularly following the or­ganization’s policies.

(3) Publish and mandate physical safeguards such as not allowing unauthorized mobile or remote devices to connect by wireless, USB, or printer ports. Physically locking-up and storing securely out of site any portable devices like tablets, iPads, & accessible small electronic medical devices after use each day.

Thinking like a thief allows you assess and evaluate your organizations venerability’s, potential safeguard breakdowns daily, reduce negligent acts by employees and BAs, and create a necessary “heightened alerts” compliance culture for your organization before something bad happens.

Step Two: Find an Expert to Help Secure PHI

In the TV series, Al Mundy’s Father Alistair would join him on special jobs and together they were stronger. So too, when it comes to securing PHI organizations have to find the experts and use expert technology working together to secure PHI. Securing PHI is not a “do-it-yourself” exercise; nor is it supposed to be free of charge or even subsidized by other government agencies. Hiring experts with the right technology is just the right smart thing to do to secure PHI. This notion of getting expert help and using smart technology to secure PHI was recently commented on by our country’s new Chief Privacy Officer, Attorney Lucia Savage, she explained at Feb 2015 Annual ONC Conference, Savage said her idea of managing consent is to stop managing it and make it computable. She said, “Let’s make computers be able to do this so we can write privacy rules that software can capture. That’s my vision,” she called it “Computable Privacy.” According to Savage, capturing a patient’s consent choice on a piece of paper is interoperable. “We can have all the technical standards in the world, but if consent is with pen and paper, the whole system crashes to a halt,” she said. So like Lucia, I believe to catch a PHI thief organizations should get expert help.

Step Three: Leave No PHI Behind

My third and final analogy from the TV Series', happened in the third season of the show, another key actor Malachi Throne who played Mundy’s Secret Intelligence Agency (SLA) boss, Mr. Wal­lie Powers was replaced by Edward Binns, which may have im­pacted the shows future. As Throne explained: "They had this idea of shooting the whole season in Italy, but they wanted me to stay behind and give Wagner’s character orders over the phone. I told them if I didn’t go I’d quit, and I did” and the show ended after the third season. “The show was successful because the chemistry between Wagner and Throne, the two actors working together. This working together mentality seems to be necessary in order for or­ganizations and teams to secure PHI. Everyone in the organization including BAs must never leave PHI unprotected nor leave PHI behind unattended. The entire team must be on-board using project management skills, workflows, technology, creative ideas, team building, and accountability to make it all work together to secure PHI while catching a PHI thief.

Read Also

Moving toward Successful SSH Key Management for Greater Network Security

Moving toward Successful SSH Key Management for Greater Network Security

Matthew McKenna, CSO, SSH Communications Security
Journey towards Continuous Improvement

Journey towards Continuous Improvement

Chad Leverenz, VP-IT Infrastructure & Development, Mercy Housing
Listen and Communicate Effectively

Listen and Communicate Effectively

Paul Villani, Director of Network Technology, Hartford Healthcare
The 5g Container Ship: Loaded With Sliced Beams And Liferafts

The 5g Container Ship: Loaded With Sliced Beams And Liferafts

Mansoor Hanif, Director of Converged Networks and Innovation, BT