Safeguarding PHI: Overlooked Steps
Expert Highlights Areas That Are Often Neglected
While covered entities and business associates are becoming more aware of the need to encrypt patient data at rest, they often overlook securing data as it's shared and received, says security expert Joe Meyer.
"We found that 60 percent of data on average [is] in locations other than its final resting spot," says Meyer, a healthcare practice leader at the consulting firm Coalfire, in an interview with Information Security Media Group.
Another mistake that many organizations make is collecting far more patient data than what's needed for a particular purpose. Too many healthcare providers say "if I just gather as much information as I can, into the biggest bucket, then I [can] just parse out what cups [of data] I need," he says. But collecting data that's not needed puts that information at unnecessary risk, he notes.
Healthcare organizations often struggle to appropriately collect and then securely safeguard data potentially used for research purposes versus other purposes, such as patient care, Meyer says. "That's one of the biggest issues we have."
In the interview, Meyer also discusses:
- The most underutilized technologies for securing patient data;
- The most important steps that covered entities and business associates can take to improve PHI security;
- Other struggles covered entities face in balancing confidentiality and integrity of patient data with making information readily available to clinicians to support treatment decisions.
Meyer, who is a director of Coalfire's healthcare practice in the Northeast, has more than 14 years of experience working in IT in the healthcare, pharmaceutical, retail, finance, education and government sectors. Before joining Coalfire, Meyer was senior manager of consulting services at Solutionary, and held information security officer and director roles at West Corporation, Pfizer and AT&T Local Services.