Ipswitch Blog

Five Steps to Prevent Privacy Breaches

November 11, 2010 | Compliance, Data Breach, Enforcement, Managed File Transfer

Neil Chesanow just published a very informative article for Medscape titled “Why Your Patients’ Data May Not Be Safe: 5 Steps to Protect It.”

I had the pleasure of talking with Neil as he was writing the article and I must say that I’m impressed with the 5-step approach he outlines to prevent privacy breaches.

1. Develop a strict-but-realistic security policy
2. Control access to patient data
3. Monitor electronic health record (EHR) activity
4. Require more complex passwords
5. Encrypt all outgoing files

Although written from a medical/healthcare point of view, the steps can help any business or organization think through some of the issues surrounding the protection of sensitive and confidential files and data.

One of the more critical points that I believe Neil highlighted is how important it is to control access to confidential information. Access to sensitive files and data should be granted only to people who are required to use it as part of their job. Not every employee or external partner should have access to all company information, and it’s easy enough to control and enforce access by applying simple rules and policies.

Monitoring, reporting and auditing file and data activity is another critical point raised by Neil. The ability to see who accessed sensitive information, when and how many times they accessed it, whether they moved or sent it to another location or person, and if and how the transmission and the file itself were secured and encrypted are important pieces of information from both an internal security policy and a compliance perspective. Believe me, you never want to have to turn down an eDiscovery judge’s request for an audit trail of a particular file or communication because you are not able to provide it.


This post was written by Ipswitch Blog
