The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) just released a brief on how to manage security incidents involving business associates, from ensuring policies and safeguards are adequate to being notified of and responding effectively to a data breach. As the recent Ponemon survey revealed, many healthcare organizations and their business associates (BAs) are currently negligent in their handling of patient information, with insider threats and cyberattacks topping the list, and an unnecessary amount of “finger pointing” is going on between healthcare organizations and BAs, who should be doing more to protect data.
According to the OCR brief, covered entities believe they will not be notified of security breaches or cyberattacks by their BAs, another point of miscommunication that introduces additional risk to data security in healthcare. With the current level of infighting and lack of communication, it is difficult for covered entities to determine if the data safeguards and security policies of their BAs are adequate. The new guidance puts greater pressure on BAs to keep covered entities in the loop on any potential cyberattacks or other security breaches.
The OCR recommends that covered entities:
The new guide reiterates the importance of visibility and a persistent connection to both the devices and the healthcare data they contain, no matter their location. In order to prove compliance, covered entities and BAs must be able to describe the kinds of data involved in a data incident and how that data was protected.
Absolute DDS for Healthcare provides valuable insight into all of your endpoints, so you can have accurate information on your fleet of devices, as well as the information they contain, with alerts for events and activities that could be precursors to a security incident. With Absolute DDS, you can help shine a light on dark data on the endpoint, helping you address the ever-prevalent insider threat, prevent or respond to data breaches, and prove compliance if needed. Absolute DDS for Healthcare is a comprehensive onboarding program which pairs our highest level of endpoint security with expert forensic support to respond to and contain security incidents. Learn more at Absolute.com.