Insider Threats: A Mitigation Strategy

Expert Advice on Safeguarding Records
Stevie Davidson
Ramping up efforts to mitigate insider threats needs to be a top 2014 priority at healthcare organizations as electronic health records become more ubiquitous, says privacy and security expert Stevie Davidson, who provides practical insights.

"The access to protected health information is getting easier and easier," says Davidson, CEO of Health Informatics Consulting. So it's urgent that organizations of all sizes improve workforce training on appropriate access to electronic health records and other aspects of maintaining patient privacy, she stresses. Plus, hospitals, clinics, insurers and others need to stress the sanctions they'll impose for inappropriately accessing patient information, she adds.

"Internal compliance is one area that's not looked at as closely as others" when it comes to the privacy and security of patient data, she says in an interview with Information Security Media Group.

Organizations need to go beyond initial HIPAA compliance training and send out "constant reminders" to the workforce, she says. She also calls for building a corporate culture in which all staff members know they can feel comfortable reporting insider threats or other potential breaches. She describes a client who has "a secure line internally" for staff to report non-compliance issues.

In the interview, Davidson also discusses:

  • Mistakes that covered entities and business associates often make in their HIPAA compliance efforts, including over-reliance on software vendors;
  • Why a comprehensive security risk assessment is a fundamental step;
  • Advice for complying with the HIPAA Omnibus Rule's breach notification provisions.

Davidson has more than 20 years of experience working with healthcare, software development and compliance issues. The consultant is also a governor-appointed member of the New Jersey State HIT Commission and co-chairs its Privacy and Security Policy Subcommittee.



