By Raj Ananthanpillai, CEO of InfoZen
Data security tops the list of “things that keep healthcare leaders up at night.”
Just ask the leaders at Aventura Hospital in Florida, which experienced three data breaches in two years.
The latest data breach lasted from September 13, 2012 through June 9, 2014, which is almost two full years without being noticed. The breach occurred when an employee from one of the hospital’s HIPPA vendors began to inappropriately access patient information, including patient names, dates of birth, and social security numbers. The employee stole the information of over 82,000 patients of Aventura Hospital.
According to a recent Ponemon Institute study, 91 percent of healthcare organizations have suffered a data breach in the last two years, and 40 percent have experienced more than five during that time. And while external cyber threats pose enormous risk, many healthcare organizations are even more vulnerable to threats from their own personnel. Many healthcare organizations reported that the data breaches they incurred were criminal attacks done by an insider. Unfortunately, the results are typically identity theft, fraud, or stolen intellectual property.
Insider threats pose a greater risk to healthcare organizations than ever before, and in this new security environment, the pre-hire background check isn’t cutting it. The current screening model only evaluates the risk of an employee before they are hired, and may not check again for years, if at all. The reality is that life circumstances change rapidly, and healthcare organizations need a screening model that evolves along with the changing risk of their personnel.
There is a solution to this problem: monitor your employees every day. Technology has matured to the point that it’s possible to proactively monitor personnel daily, and receive automated alerts when risks emerge. Sophisticated analytics can comb through mountains of public records data and notify organizational leaders when an employee has been arrested, filed for bankruptcy, or dealing with a stressful life event that could lead to increased risk.
In the healthcare industry this allows HR departments to meet accreditation standards, complex compliance regulations, best practices, reduce organizational liability, and reputation management. The daily monitoring of an employee in the healthcare industry will monitor licensure, sanction, and criminal history information, which can include FACIS Alerts, OIG Sanctions Alerts, GSA Excluded Parties Alerts, National Practitioner Data Bank Alerts, and Adult & Child Abuse registries alerts.
What does this mean for you?
By bringing all of the external data such as financial records and criminal records with internal data such as personal reviews and network activity, organizations can reduce their exposure to potential insider threats. Organizations are also able to maintain compliance through a legally defensible audit trail designed to meet critical regulations such as FCRA, FTC, and EEOC.
Traditional background checks aren’t good enough. They leave managers manually sifting through outdated information, and fail to evolve after an employee is hired. Healthcare organizations need an insider threat detection solution that’s as dynamic as their personnel. The risk to your organization’s reputation, and customer base is too high.