How to Assess the Security of Your Healthcare Technology

January 19, 2021 | By Wendy Bartlett

How to Assess the Security of Your Healthcare Technology

Maintaining your patient’s healthcare records online means that they must be kept secure from cybersecurity threats. However, protecting against data breaches and cyber attacks proves incredibly challenging for healthcare organizations, time and time again. 

According to a Black Book Market Research survey, 96 percent of IT professionals agreed that data attackers are outpacing their medical enterprises and putting providers at a disadvantage when it comes to responding to vulnerabilities. What’s more, 90 percent of healthcare organizations report having experienced a data breach in the last four years, and more than 180 million medical records have been stolen since 2015.

Clearly, cybersecurity remains a significant problem for healthcare organizations of all shapes and sizes. With that said, practices can reduce the risk of a cyber attack and protect against security threats by doing due diligence and taking proper precautions—which includes enforcing robust security protocols and carefully vetting healthcare technology partners before implementing their solutions.

Here are five key questions to ask potential healthcare technology vendors to ensure they meet the security practices required by your organization:

1. Are you compliant with HIPAA and HITECH regulations?

One of the first and most important questions to ask potential healthcare technology vendors is about their compliance with regulatory requirements. The Health Insurance Portability and Accountability Act (HIPAA) is federal legislation that provides healthcare data privacy and security provisions for safeguarding patients’ medical records. HIPAA laws have become more prominent in recent years amid countless healthcare data breaches caused by cyber attacks.

In addition to HIPAA compliance, the healthcare technology vendor you’re assessing should also be compliant with the Health Information Technology for Economic and Clinical Health (HITECH) regulations, which was introduced in 2009 to promote the adoption and meaningful use of healthcare technology such as electronic health records (EHRs). HITECH also strengthened HIPAA enforcement by increasing fines and penalties for noncompliance.

[Infographic] Discover why a full suite of tools beyond the traditional patient  portal is necessary to truly drive engagement and satisfaction.

2. How is healthcare data stored, encrypted, and backed up?

Another essential question to ask your potential healthcare technology partners is how they’ll protect your data. Do they use separate web servers? Will data be stored in the cloud? Does the vendor use private firewalls? What are their encryption standards? Will they store copies of the data, and if so, where? Will the company use a VPN to offer remote access, and if so, how will that be protected? 

By learning as much as possible about the technical details, you can move forward with confidence in your vendor’s ability to protect private healthcare data.

3. Do you have a policy in place should a data breach occur?

The hope is always that private data will never be compromised—but should a data breach occur, it’s important to know how the healthcare technology vendor in question will proceed. Do they have a policy in place should a cyber attack take place? Also, what’s the vendor’s history with cybersecurity? Have they ever had a data breach before? 

Knowing their policies (and history) regarding security threats will help you gain peace of mind and ensure you’re well-equipped to deal with a data breach should you experience one. Plus, learning that your technology partner has a perfect track record will go a long way in easing your concerns and assuring you that your patients’ data will be safe and secure.

4. Will you provide training for my practice’s employees?

A 2019 Kaspersky report revealed that nearly 1 in 4 (24 percent) healthcare workers have never received cybersecurity training—which is obviously less than ideal. Along with training your practice staff on the ins and outs of cybersecurity, it’s also important they are thoroughly trained in and comfortable using any new healthcare technology you adopt. 

With comprehensive training in advance of using a new system, your team will be better able to enter and access data in a safe and secure way. Additionally, the right training can prevent unnecessary data breaches and other potential security complications, so it’s really a win-win!

5. Does your team provide customer support as needed?

It goes without saying that your vendor’s staff will be trained in their own technology—but are they knowledgeable about HIPAA compliance, security protocols, and data encryption? Are they familiar with cybersecurity and the best ways to protect against attacks? A staff with comprehensive training on both the technology and the security protocols that protect it will help avoid unnecessary risks due to a lack of information. 

Plus, you’ll know that should you run into a potential security threat or complication, your healthcare technology partner will know exactly how to handle the situation and provide much-needed support for your organization in a time of crisis.

These questions are just a few of the must-asks when evaluating potential healthcare technology partners for your practice. By taking the right steps and asking the right questions in advance of implementing new technologies, you can rest assured that both your healthcare practice and your patients are in the best, most-secure hands possible. In other words? Hackers, begone!

Why Patient Engagement Requires a Platform