DoD and VA healthcare providers are responsible for managing and protecting some of the most sensitive data, which unfortunately makes them a valuable target for hackers. Patient information often includes addresses, birth dates, social security numbers, and credit card information – in other words, an identity thief’s idea of heaven. And this personally identifiable information (PII) is becoming more and more vulnerable. The sobering reality is that healthcare data breaches are on the rise, with recent research showing a 138% increase since 2012. It’s an issue that extends beyond the commercial sector, as our nation’s Federal health organizations face the same challenges in securing the PII data of our nation’s servicemen and women.
Data protection can be an enormous IT challenge, and regulations like HIPAA and HITECH help ensure best practices. To comply with the standards and ultimately protect sensitive health data, Federal and military health agencies require the latest data protection tools, particularly as more and more systems move to the public cloud. Below are three key areas that organizations should be thinking about as they embark on health data strategies:
1. Encryption: Encryption is critical to any healthcare IT environment, and safe harbor laws require an organization to prove that its devices were encrypted at the time of a data breach. And it doesn’t just apply to devices. Smart agencies will make sure that information is protected from the data center all the way to mobile phones. In addition, they’ll ensure that they are using the correct encryption approach to address a specific requirement, rather than a generalized solution.
2. Disaster Recovery: Organizations should also prepare for outages – whether caused by a natural disaster or human error – to avoid government fines and penalties. To comply with HIPAA and HITECH regulations, organizations must be able to fully recover from an outage within a matter of hours, not days. Virtualizing IT environments is a great way to enable continuous availability because it allows for easy mobility from one physical system to another. EMC’s VPLEX, for example, is a continuous availability and data mobility platform that enables mission-critical applications to remain up and running during a variety of planned and unplanned downtime scenarios, even in the event of a data center site failure.
3. Backup: Lastly, consider a disk-based, centralized backup system for better control of your data and a greater chance of meeting regulatory requirements. HIPAA and HITECH require entities to store backup copies of data offsite, which can be challenging for many. And with the digital universe expected to grow by 40% between 2012 and 2020, military health organizations must be able to back up all of this data within a reasonable timeframe. One proactive tool is EMC’s Isilon Data Lake, which enables agencies to better manage, protect, and analyze large pools of unstructured data.
For a strong HIPAA and HITECH compliant health IT security strategy, these three key areas will lay the foundation. While these standards may pose unique challenges for different organizations, the core of this is simple – protect the sensitive data of our servicemen and women and their families. For more information, check out our recent whitepaper on the topic.