Peter Killcommons is the founder and CEO of MedWeb in San Francisco, CA. He is a member of the American Medical Association and the American Telemedicine Association. With over 30 years of professional experience, Peter "Pete" Killcommons understands the various strategies facilities can implement to secure their data.
Healthcare facilities should implement data access controls to protect patient health information (PHI). Access controls ensure only authorized personnel and suitable applications interact with protected data. Multi-factor authentication, such as passwords, key cards, and biometrics, is a common feature that effectively restricts access to unauthorized parties.
Data usage controls can also secure healthcare information. These controls identify and flag malicious activities, blocking them in real time. They can mitigate attempts by restricting parties from uploading data online, sending unauthorized emails, and printing or copying information to external storage devices.
Besides, facilities can encrypt their data in motion and at rest. Encryption involves changing the data format to ensure unauthorized personnel cannot decipher it even if they gain access to PHI. Deciphering requires a special key that is only available to authorized parties. Data encryption ensures uninterrupted information sharing within the facility during suspected data breaches. Experts in healthcare information technology can recommend an appropriate encryption method after assessing the facility’s workflow and information needs.