The top three key threats to healthcare data security in 2014 are mobile devices, cloud computing and healthcare data transmission.
That is the view of a panel of experts speaking at PHI Protection Network (PPN) conference earlier this month in Anaheim, CA.
Keynote speaker Joanne McNabb, director of privacy education and policy for the California Department of Justice Office of the Attorney General, made the case for laptop encryption as a first course of action.
"Many of the healthcare breaches reported to the California Attorney General's Office are of a type that could be prevented by the strategic use of strong encryption," said McNabb.
Another keynote speaker, Larry Clinton, president and chief executive officer of the Internet Security Alliance (ISA), suggested the frequent assumption that the primary threat to data security comes from individual hackers is simply misinformed.
"Organized crime has figured out the going rate for a full health record is approximately $1,300 per record," Clinton said. "That's a powerful incentive for malicious action."
Bob Chaput, founder and CEO of Clearwater Compliance, a national HIPAA compliance leader, noted that an organization cannot effectively prioritize tasks for risk mitigation until they evaluate the lay of the land.
"There is no substitute for starting with a comprehensive risk analysis which addresses the explicit factors laid out in the HITECH act," he said.
Hosted, sponsored and delivered by the industry experts – not by an association or specific vendor, the PPN conference featured keynote speakers such as Becky Williams, partner and chair of information technology and HIPAA practice at Davis Wright Tremaine; Mahmood Sher-Jan, VP & general manager of RADAR Business Unit of ID Experts; and James Christiansen, information risk management at Accuvant.
"The PPN conference provided an exceptional opportunity for healthcare security and privacy leaders to interact with national experts in a small group breakout environment," said Rick Kam, chair of the PPN organization, an interactive network of PHI protectors and solution providers.
"There is virtually no opportunity at most national privacy and security conferences to get this level of interaction with industry thought leaders to discuss solutions to the challenges unique to an attendee's specific organization."
PHI Protection Network (PPN), US, Joanne McNabb, Larry Clinton, Internet Security Alliance (ISA), Bob Chaput, Clearwater Compliance
