By: Brian Lapidus, Senior Vice President of Kroll Fraud Solutions, www.krollfraudsolutions.com
Guest Blogger on Healthcare Blogmatica

The fact of the matter is that patients – and the law – demand that healthcare companies protect highly sensitive information from every possible threat. But in-house security options just can't keep pace with rapidly growing risks. After all, anti-virus software won't stop someone from taking medical records. A firewall can't help retrieve a stolen laptop.  Below, I answer several questions that every healthcare organization should know.

Sensitivity of data - The   healthcare industry is responsible for maintaining its patients' most   sensitive Personal Health Information. PHI is a treasure-trove for identity   thieves.

 

Immense Data flow (masses of data flowing   in and out) - A primary reason healthcare data security breaches   occur is because facilities do not know where all instances of their patients'   sensitive or confidential information resides within the network. Moreover,   the danger does not stop at the hospital perimeter, but includes vendors that   share or receive the data, as well as employees' and contractors' laptop   computers and other portable storage devices.

Portability/Usage of EPHI (Electronic   Protected Health Information) storage devices - Improvements in   technology and the portability of patient data come at a cost to security. Devices used to store and access PHI include laptops; home-based personal   computers; Personal Digital Assistants (PDAs) and Smart Phones; USB Flash   Drives and Memory Cards; floppy disks; CDs; DVDs; backup media; Email; Smart   cards; and Remote Access; not to mention hotel, library or other public   workstations and Wireless Access Points (WAPs).