White House introduces new health care data security framework

The new framework offers another way for providers to  better manage their data security.

Faced with the challenge of rapidly adapting new technology to provide better care, the health care industry has struggled to create and adhere to comprehensive security measures, leading them to critical vulnerabilities. The Office of Civil Rights, along with the Department of Health and Human Services, reported over 200 health care data breaches in 2015, affecting over 100 million medical records. The industry has reached a critical point in addressing these growing risks, and now, luckily, action is being taken.

The new White House-produced framework
As part of the ongoing efforts to curb this trend, the White House has introduced the final version of its data security framework to help providers work through these risks while adhering to a set of principles outlined by the Precision Medicine Initiative.

The 10-page framework covers eight guidelines that intend to help PMI participants identify and explain certain risks while communicating with each other and patients to clarify these experiences.

Health and Human Services Secretary Sylvia Burwell and Assistant to the President for Homeland Security and Counterterrorism Lisa O. Monaco created the framework by expanding ideas presented in the National Institute of Standards and Technology Cybersecurity Framework.

"Providers can easily adjust and adapt the guidelines to their specific needs."

"We recognize that there is no 'one-size-fits-all' approach to managing data security," Burwell and Monaco wrote in a press release. "This is why the Security Framework… is designed to be adaptable and responsive to the needs of multiple participating PMI groups, providing a broad framework for protecting participants' data."

Essentially, Burwell and Monaco designed the framework to be broad enough that providers can easily adjust and adapt the guidelines to their specific needs. The framework also encourages transparency between participants, patients and other health care systems to further these data security efforts.

What this means for the future of health care data security
Having these guidelines is an important step in achieving better security in the health care sector, especially if it helps medical staff understand certain risks and how to sidestep them. According to the Verizon 2016 Data Breach Investigations Report, most data breach cases in the past year exploited human nature, looking specifically for weak or stolen passwords or other known vulnerabilities.

That's why materials like this framework are becoming so important to health care security. Employees need to understand how certain behaviors can put medical data at a higher risk of exploitation, specifically habits like opening suspicious emails or failing to update or use strong passwords.

For training materials, seminars and other resources to strengthen your staff, contact Professional Medical Services today.