Page 21 - HMEB Business, February 2017

• Make sure you do regular assessments on your networks
• Make sure you educate staff on sensitive data handling, HIPAA and PCI compliance standards
• Ensure that you have a policy in place to address your response to any breach that occurs that includes:
  ° Timeframes that are acceptable by which you report the breach
  ° Timeframes that are acceptable by which you inform those affected
  ° Procedures you will take to address the breach and remediate the problem
  ° How you will address continued education of staff in contact with this type of data
“Finally, continuous risk assessment providers are available for the continuous monitoring for breaches and other suspect network activity,” she explains. “One such company, BitSight (www.bitsighttech.com), uses security ratings to monitor events, diligence and user behavior in real-time, so threats and warnings to your network are immediate. You can continuously monitor third-party vendors and even open up portal access to prospective vendors, enabling them to remediate any security issues before connecting them to your network.”
Ongoing Assessment & Training
In addition to reviewing partners’ level of risk, Kauten adds that providers should be continuously assessing themselves for potential data security problems.
“HME providers should be creating and updating policies to address newer technologies and the increasing cyber security threats,” he says. “Hiring third-party security experts to expose known threats and best practices is a must for healthcare companies. Companies specialize in ongoing penetration tests where a white hat hacker (an ethical for-hire hacker) will attempt to breach your systems and give you a report of vulnerabilities.”
And as new challenges crop up, providers will need to undertake new procedures and train IT staff employees accordingly.
“Training technology staff as well as front line staff is a must,” Kauten says. “Employees who know how to handle situations can protect a company by creating a secure culture. If we compare this to TSA, they are working to educate Americans flying to help keep an eye out for suspicious behavior; employees should be protecting your HME store from suspicious activity as well.”
And then that staff can pass their knowledge, policies and procedures along to the rest of the team to ensure the entire enterprise is secure.
“Our IT Department, along with VGM Education, works to ensure that our employees receive IT security awareness training. We also offer specially tailored training for HME providers,” Kauten says. “The training program includes professionally designed videos that are three to four minutes in length and provide cybersecurity training based off actual security breaches and real-life situations. Each episode is designed to reinforce security awareness and upon completion, each employee takes a quiz.”
Ultimately, how HME providers protect their business and patient data will be an ongoing work in progress. As technology evolves, so will the threats, and so will the responses to those threats. What is clear is that providers must make data security a top priority and start shaping their data security strategies and programs now — before a breach can take place.
Joseph Duffy is a freelance writer and marketing consultant, and he is a regular contributor to HME Business and its supplements. He can be reached via e-mail at joe@prooferati.com.