
Don't Lose It All. 3 Non-Negotiable Security Measures for your Clinical Info Systems

By InformaticsPro Team

Health data breaches = Lost $$$, lost patient data, government scrutiny, lost patient and public trust, HIPAA fines, pain, stress, and lots of should haves, could haves, and would haves.

Save yourself the pain and implement at least the three following security measures in your organization.

Firewalls

Firewalls control incoming and outgoing traffic based on an applied rule set. They commonly prevent users from navigating to untrusted sites and to sites that may not be secure or may pose a threat to the network. They can intercept traffic at the network/packet layer, at the application layer, or via a proxy.
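As an added example (not from the original article), here is a minimal packet-layer rule evaluator in Python showing how a rule set decides inbound and outbound traffic. The addresses, ports, rules and the `decide` function are constructed for illustration, and first-match-wins with a default deny is an assumption of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    direction: str        # "in" (toward protected servers) or "out" (toward the Internet)
    src: str              # source network in CIDR notation
    dst: str              # destination network in CIDR notation
    port: Optional[int]   # destination port; None matches any port

# Constructed rule set for a hypothetical clinic network (all values are examples).
RULES = [
    Rule("allow", "in",  "10.20.0.0/16", "10.10.5.10/32",  443),   # workstations -> EHR server, HTTPS only
    Rule("deny",  "in",  "0.0.0.0/0",    "10.10.5.10/32",  None),  # everything else to the EHR server
    Rule("deny",  "out", "10.20.0.0/16", "203.0.113.0/24", None),  # untrusted range blocked outbound
    Rule("allow", "out", "10.20.0.0/16", "0.0.0.0/0",      443),   # workstations may browse over HTTPS
]

def decide(direction, src, dst, port, rules=RULES):
    """Return the action of the first matching rule; deny if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.direction == direction
                and s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"  # default deny: traffic no rule mentions is dropped

if __name__ == "__main__":
    samples = [
        ("in",  "10.20.1.5",    "10.10.5.10",    443),   # workstation to EHR over HTTPS
        ("in",  "10.20.1.5",    "10.10.5.10",    3389),  # same host, non-HTTPS port
        ("in",  "198.51.100.7", "10.10.5.10",    443),   # outside host to EHR
        ("out", "10.20.1.5",    "203.0.113.9",   443),   # workstation to untrusted range
        ("out", "10.20.1.5",    "198.51.100.20", 25),    # outbound port with no rule
    ]
    for s in samples:
        print(s, "->", decide(*s))
```

Rule order matters here: if the broad outbound allow were placed ahead of the deny for the untrusted range, it would shadow the deny and that traffic would pass.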

Virtual Private Networks

Virtual Private Networks, or VPNs, extend the benefits of a private network across a public one (like the Internet). Using a VPN ensures that your internet connection is secure and all sent and received data is encrypted. This is done through “tunnelling”, which encapsulates the packets sent between the two networks.

VPNs are commonly used by employees to access corporate data and intranets regardless of geographical location, by those who like to browse the internet without the thought of prying eyes, by those who may need an IP address from another country to get around location-restricted content, and by those who just like their privacy and security.

Encryption

Encryption encodes messages so that only those authorized to access the information may do so. Encryption encodes plaintext into ciphertext using a pseudo-random encryption key. Encryption keys and decryption keys specify how the transformation between plaintext and ciphertext occurs.

In symmetric encryption, both computers have the same encryption and decryption keys. Meanwhile, with public key encryption, only the receiving party may decrypt data using a decryption key. So, in this popular type of encryption, public keys encrypt data and private keys decrypt data.

Security Best Practices

Of course there is more you should do, but at the minimum, your network should maintain at least the following best practices when it comes to security.

  • Encrypt your data
  • Do not allow removable media on your network
  • Use SSL on your website and scan daily for threats
  • Use spam filters
  • Install and use a comprehensive security solution (antivirus, firewall, intrusion detection, etc.)
  • Encrypt your data
  • Keep up-to-date on security patches
  • Train your personnel on security and commonly used tactics like social engineering
  • Implement Data Loss Prevention and systems audits to watch inflow/outflow on your network
  • Did we say encrypt your data yet?

Proactive Security Measures