Encrypting Healthcare Data for Your Business – Why HIPAA Isn’t Enough

As an employer, you have the responsibility to safeguard the sensitive information your employees have provided through their employment. This means salary information, personal data such as Social Security numbers, and health-related information. But maintaining the integrity of your employee data is a complex challenge for most medium and large businesses, as intersecting vendors, facilities, partners, and insurers must share the same data across different IT systems. While HIPAA compliance is designed to standardize that security process, it's up to your organization to further protect employee data or else face serious consequences.

Health Data Breaches Are Increasingly Frequent

According to the Breach Level Index, over 112 million healthcare records were exposed in 2015, a major increase from the 29 million exposed in 2014. The data lost due to "Hacking/IT Incidents" represented 21% of all breaches.

Furthermore, leading cybersecurity experts warn that 2016 will bring even more data breaches in the healthcare industry, with an estimated 1 in 3 recipients experiencing data exposure due to a breach.

What Companies Can Do

A report in the Wall Street Journal says that 55% of compromised records in California were exposed due to a failure to encrypt data, making it that much easier for malicious users to intercept and utilize personal information for monetary gain. Under current state laws, when companies encrypt information such as Social Security numbers and healthcare information, its exposure is not considered a breach.

In addition to employing high-level encryption techniques for sensitive information, cybersecurity analysts recommend companies use multi-factor authentication standards for consumer-facing online portals and all other system access methods. These can help safeguard against accidental transfers, access, and unauthorized data breaches. These can also prevent phishing scams, which rely on users providing information like passwords and security questions to subvert system security.

Organizations should also implement standards for encrypted backups and data wipes in the event equipment is lost or stolen.

To learn more about securing your employees' sensitive healthcare information and improving your organization's health benefits package, consider contacting Capital Benefit Services for a complimentary assessment of your current solutions and an estimate for a modern, secure alternative.
