Employee Access and Patient Data Security

October 14th, 2015 by admin Leave a reply »

Recent research shows that some organizations have loopholes in data access which can cause patient data security issues.

Highlights of the research by IS Decisions are –

63 percent of healthcare staff are still able to logon to different devices and workstations concurrently.

49 percent of surveyed healthcare employees are required to manually logoff

30 percent do not have unique logins

46 percent stated that they believe their actions on the employer’s network can be attributed to them

57 percent of US healthcare staff said their organizations had formal agreements to security policies in their contracts

29 percent of surveyed healthcare professionals did not receive any security training when they were employed

55 percent of existing employees stated they received IT security training

34 percent of US healthcare staff are aware of their organization conducting regular security audits

73 percent of health and pharmaceutical employees said they have access to sensitive or confidential patient information

41 stated that they and their co-workers can see “a lot of” sensitive data

56 percent of IT practitioners said they believe their organizations place just a moderate to low priority on protecting company data, or no priority at all

“To take the standard of security training beyond the base level in on-boarding staff, it is sensible to include adherence to security policies within employee contracts,” the report stated. “This ensures a level of responsibility on the part of the employee, providing a line of culpability in the event that they take action to subvert a policy.”

IS Decision survey has lead to awareness among employee access.

“Healthcare organizations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients,” IS Decisions CEO Francois Amigorena said in a statement. “Information of this critical and confidential nature should only be accessible by authorized users and it really should not be a complicated process.”

Amigorena added that this goal could be achieved by properly implementing and combining access control policies, user identity verifying, and user activity auditing.

“The damage can be greatly reduced by managing data access permissions, making sure employees only have access to the data they need to do their jobs, and by monitoring for unusual activity,” explained Varonis Co-Founder and CEO Yaki Faitelson.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Leave a Reply