Is the Biggest Risk to Data Security in Healthcare Often the Most Overlooked?

Protecting data in any healthcare organisation is no easy feat. Healthcare providers and their partners must balance protecting patient privacy with delivering effective patient care whilst simultaneously meeting strict regulatory requirements around data privacy.

Because protected health information (PHI) is among an individual’s most sensitive (and for criminals, valuable) private data, the guidelines for healthcare providers and other organisations that handle, use, or transmit patient information include strict data protection requirements that come with significant sanctions if they’re not met. While this challenge is widely recognized, why is it that securing the integrity of sensitive data as it moves within, into, and out of healthcare organisations, remains an often-overlooked vulnerability?

Of course, sharing information is a fundamental requirement and function of any organisation, without which they couldn’t operate, but when that information is of the most sensitive personal and clinical nature, leaving its security to chance is not an option. From the humble email attachment through to automated machine-to-machine transfers at scale, healthcare providers face a perhaps unique set of risks that they are obliged to address with penalties for failure. As these functions must proceed for the organisation to operate, they must be wrapped in effective security measures regarding their adoption and technical functionality. 

Because of the significant risk involved with failing to secure PHI properly, many healthcare providers turn to specialist security partners who build, manage, and maintain a security apparatus commensurate with the nature of the threats facing PHI. A key component of creating a viable PHI security strategy is determining how data is moved, whether by individual users or as part of some automated process. Best practice dictates that healthcare organisations can ensure that technology is deployed to encrypt that data both at rest and in transit – regardless of how it is actually transferred. A FIPS 140-2 compliant solution that addresses all possible transfer use cases guarantees the organisation’s sensitive data integrity, while a management capability provides auditable visibility into the actual process itself. A comprehensive log of all aspects of any transfer provides transparency into the process, and rich error control further reduces the risk of data loss or any part of a transfer process failing.

But having rich and functional technology deployed still has limitations – especially when it comes to transfers undertaken by individual users. Deploying technology that is intrusive, unintuitive, or simply burdensome to use inevitably results in users bypassing it somehow, which immediately introduces the specific security risks it is meant to eliminate. So, as well as adopting technology solutions that are functionally robust, effective, and efficient, this technology must also be easy to consume by individual users. It should entirely, or as closely as possible, replicate the processes and procedures users are familiar with so that its adoption and use are entirely seamless.

Progress actively supports and works with organisations that partner healthcare providers to provide security for their sensitive data. Progress MOVEit is the trusted secure file transfer platform deployed by systems integrators, service providers, and other technology providers worldwide. Numerous organisations across the healthcare sector value MOVEit because of its proven track record delivering unparalleled levels of security for data at rest and in transit, as well as its ease of adoption by both IT and operations teams alike.

David Martin works with service providers, consulting organisations, and systems integrators to collectively help healthcare organisations deploy technology that secures their most sensitive data. To learn more, contact David at dmartin@progress.com.