Now is the time for privacy and security collaboration

Of all the lessons learned from last month’s Equifax data breach, one feels particularly resonant: it’s unwise to assume that companies have implemented the full breadth of safeguards, protocols, and breach response plans we might expect of them.

In healthcare, it reflects an even scarier reality: healthcare organizations generally lag behind other industries when it comes to investing in solutions designed to protect sensitive patient data, despite the fact that electronic health records serve as a unified location for our most sensitive information, like diagnoses, Social Security numbers, and family medical histories.

Last week, Erika Barber, Privacy Manager at Massachusetts General Hospital, and Dan Bowden, CISO at Sentara Health, joined Protenus Co-Founder and President Robert Lord for a webinar conversation about how privacy and security teams can work together to safeguard patient data, decrease organizational risk, and prevent health data breaches.

Learn strategies you can begin implementing now to avoid this sort of disastrous event. Hear from leaders at Sentara Health and Mass General Hospital about how privacy and security teams can work together to build patient trust.

On the webinar, Lord discusses what he calls the trust assurance framework, which he and the Protenus team developed from talking with hundreds of healthcare systems around the country.

Trust-assurance teams leverage privacy and security resources

Due to the way that HIPAA divides privacy and security responsibilities, these two teams have traditionally tackled HIPAA-related activities in silos, privacy being responsible for activity monitoring and breach investigations and security responsible for network monitoring device management, for example. However, the presenters explored how within each of these categories, privacy and security teams both have a great deal of expertise and unique skills to bring to the table.

How privacy and security can share activity responsibilities

The presenters recognized that institutions are at different stages in their privacy-security collaboration journeys, some just beginning and some having streamlined inter-team collaboration. To address this, presenters shared actionable tips for making improvements regardless of where they are. Some especially valuable recommendations included:

  • The importance of having regular meetings and sticking to them, and ensuring that people on each team know their counterparts, a practice that Bowden enforces across his team
  • Addressing device and role management initiatives together, areas that Barber explained are especially ripe for collaboration
  • Proactive behavior monitoring in the EHR inherently involves engagement from both teams. Lord stressed that when evaluating solutions, it’s essential to understand the requirements and time commitments of each team

This is just a taste of the interesting back-and-forth that unfolded during this hour-long conversation. Watch the full webinar to learn steps your organization can take now to better protect patient data.