“Complete, current, and accurate information is essential for any organization in the healthcare industry.” This is the core belief of the American Health Information Management Association (AHIMA), a belief that has led to the creation of AHIMA’s Information Governance Principles for Healthcare. Released in 2014, the eight Core Principles created by AHIMA hinge on healthcare data security and data privacy, which we’ve examined before. The Principles make it clear that compliance is only part of the data responsibilities placed upon healthcare organizations. As we’ve outlined previously, being compliant does not mean your organization is safe, nor does it mean that you are immune to repercussions as a result of a breach.
Compliance Won’t Necessarily Protect You From a Data Breach
Regulatory compliance laws such as HIPAA are designed to hold organizations accountable, but they place the onus on organizations to protect the sensitive data they store. In the event that your “compliant” organization suffers a data breach, you may be exempt from government oversight and fines, but your organization may still face other legal recourse. And there are other negative outcomes that tend to follow any breach, such as loss of customer trust.
In civil proceedings, it must be proven that an organization failed to take “reasonable steps” to preserve electronic data. In a post on the AHIMA Journal blog, former US Magistrate Judge Ron Hedges, JD, makes the argument that applying AHIMA’s Principles can help an organization prove that reasonable steps were taken to avoid the loss of data, thereby avoiding sanctions.
Protect Healthcare Data on the Move
As outlined in the post, the Principles advocate formal oversight and visibility into data and its governance. Through the application of these Principles, healthcare organizations can take further steps to protect their data using safeguards that can demonstrate security measures are in place and working at the time of a data breach. At Absolute, we also believe that visibility is key. How much of your data is on your corporate network, and how much has travelled beyond that network? More often now, healthcare workers are taking care of patients outside of the hospital, through home care programs, infusion clinics and travelling nurses. Minimize the repercussions following a security incident, and prevent a security incident from becoming a breach altogether by maintaining visibility over all your data, wherever it resides.
Through the application of HIPAA requirements and AHIMA’s Principles, organizations have a baseline for their security standards. These are sound principles upon which to build your data security strategy. But you also need to think about the technology solutions you will need to put your strategy into practice.
Absolute Data & Device Security (DDS) is the industry standard for persistent endpoint security and data risk management solutions. Ensure and prove compliance, maintain accountability and respond appropriately to security incidents. Learn more about our healthcare solutions here.