Risk Management Education Series brought to you by Ankota and IronRisk Strategies, LLC
by Loch Curtis, IronRisk Strategies
In our previous article, "Risk Management: Patient Data and Your Liability," we highlighted some eye-opening statistics regarding the risk of patient data getting into the wrong hands, either through a malicious cyber attack or through the improper disposal of paper files. Based on the responses we received, one of the biggest concerns for health care providers is the threat of a data breach.
The first step in properly executing a risk management plan is to analyze and understand the particular risks to the organization. The nature of health care presents two particular vulnerabilities, or targets for those who want access to private data. They are:
Type of data stored – Health care facilities store not only health-related information, but also highly targeted information such as Social Security numbers, financial data, bank account information, etc.
Multiple access points to data – Health care facilities often transmit data, or allow outside parties access to their data, through various access points such as external networks, web applications or something as simple as e-mail.
A good starting point for a health care facility that wants to understand the risks unique to its operations is to step back from the business and evaluate these two vulnerabilities. Once you start gaining clarity on these issues, you can begin to understand how you are prone to a breach of data, including but not limited to the following:
External Applications and Systems
E-mail lacking Encryption
Physical Loss of Information
Additional information regarding each of these items is provided in the attached Risks Insights article, “Protecting Patient Data by Preventing Cyber Attack.”
The biggest mistake I see businesses make regarding any Risk Management planning is failing to start. The concept of Risk Management can seem daunting. But the key is to set aside some time and begin to understand a particular risk, and then create a plan to better manage that risk. For health care providers, the protection of private information is a great starting point.
In our next article, we will provide some insight into how a business can transfer this risk by purchasing insurance, and what to look for in these policies.