During the upcoming Thanksgiving holiday, many of us will likely spend some time watching football on TV, especially here in Texas where football is almost a religion.
During the games, you might hear the TV commentators spout the cliché that “defense wins championships.” While that cliché might be true in football, it’s also true of data security, where the championship is safeguarding patients’ protected health information (PHI) and hospital data from accidental or criminal breaches.
In the spirit of the season, in four steps, or “downs,” here’s how your team can build a strong defense against data breaches.
First down: With a first down in football, there are still three more plays afterward to travel the 10 yards required for another first down, so you have a lot of options. Healthcare facilities need to identify the numerous places where information security and privacy are compromised, such as wireless medical devices, the Wi-Fi network, unencrypted laptops, or clinicians sharing PHI on their personal smartphones. Pinpointing these security vulnerabilities is the first step in mounting your defense.
Second down: In football, the choice of second-down play is determined by the outcome of the first-down play. If your team barely moved the ball on that first-down play, you’ll need to cover a lot of ground on the second down. If you discovered numerous security vulnerabilities, then you might have to implement several changes to protect vital data. For example, if your facility discovered clinicians using their personal smartphones to exchange PHI with each other, that’s a major security vulnerability that will have to be addressed.
Third down: This down in football is crucial because, in most games, it is your last opportunity to move the ball forward before punting the ball to the other team or losing possession in a failed attempt to get another first down on the next play. It requires a bold decision. Continuing the personal smartphone example, facilities may need to make a bold decision to protect their data by replacing the personal smartphones clinicians are using with a smart point-of-care mobile solution that enables their natural workflow efficiencies and offers clinical context around care-team communications.
Fourth down: In football, the fourth down is the final play for a team to get another first down, give the ball back to the other team, or score. Offering clinicians consolidated patient and care-team communications as well as other EHR data in a secure manner and enabling them to collaborate on smart point-of-care mobile devices is a great scoring opportunity and the best defense against certain data security breaches. With facility-issued devices, organizations can more rigorously monitor and enforce safety and privacy. Since the device is owned by the hospital and operates solely on its protected network, it decreases a number of security threats posed by personal smartphone use.
After you’ve enjoyed time with family and friends this holiday, I hope you’ll take a few moments to consider your organization’s data vulnerability around personal smartphone usage and your game plan for ensuring the security and privacy of your information and your patients’ PHI.