5 Things Every Hospital CEO Should Know About Cybersecurity

Security should be a high priority for any business or organization that houses personal information of others. A significant amount of sensitive information is kept on record in hospitals and other healthcare institutions. These files are locked away and only accessible to authorized people.

However, with the continually increasing usage of the internet for things big and small, it’s essential that digital copies of these records are subject to the same level of security that a physical file would be.

Cybersecurity is a moving target. There will never be a point at which you can stop worrying about the security of your records. There are people constantly looking for an in and creating new ways to gain access to files that they should not have. Because of this, cybersecurity must be a priority for you.

 

1. You Have a Legal Obligation

 

Just as you would prioritize security for physical copies of health records and personal information, you need to show that same attention to detail when it comes to digital records.

HITRUST (Health Information Trust Alliance) is an organization that is dedicated to ensuring that healthcare companies meet ever-changing security requirements. This organization covers a variety of standards like HIPAA, HITECH, FTC, and more.

HITRUST will ensure that you meet all state and federal law requirements. By getting a certification from them, you will have peace of mind that you are abiding by all laws that apply to your hospital.

If you try to meet these requirements on your own, it is very likely that something will slip through your fingers. There are hundreds of requirements that your website and internal security need to follow. There’s a lot to keep track of on your own. By enforcing it on your own, you risk data breaches, lawsuits, and a ruined brand image.

 

2. Hacking is More of a Problem than Ever

 

Every 39 seconds, an internet-connected device is attacked by hackers. This number of attacks increases every year. These hackers will try to breach any site they can in an effort to find valuable information that they can sell or misuse.

Their techniques change as security measures change. So, it’s essential to have the most up-to-date security features possible. Millions of medical records are compromised every year. According to Healthcare Weekly, these compromises cost an average of $380 per record in 2017.

To help you protect yourself from these breaches and subsequent expenses, HITRUST gives you an action plan to handle security risks. If you are faced with a potential threat, you will waste zero time getting to work. You already have a plan in place that has been crafted by experts in cybersecurity.

 

3. Getting HITRUST Certified is Expensive

 

Being HITRUST certified can incur direct and indirect costs, and you must get recertified every year.

The direct cost of certification is between $60,000-$120,000 for small healthcare companies and even more for large ones. The assessment alone can range anywhere from $30,000-$175,0000. The cost heavily depends on the size and complexity of your organization.

Indirect costs rack up in a few ways. One of the biggest things to consider is the number of hours that it takes to attain a HITRUST certification. It is estimated that it will take about 400 hours of work to get your security system up to compliance. So, you need to consider the hourly pay of each of the employees on staff for those 400 hours, their benefits, the amount of lost business that could have come in during the certification process, the cost of assessments, and more.

With all of these costs together, you can expect to shell out a six-figure dollar amount for the certification. However, it is well worth the investment as a HITRUST certification is the “gold standard” for security compliance.

4. Effective Cybersecurity Benefits Everyone

 

 

Of course, cybersecurity is important for keeping your patients’ personal information private, but it has a lot of other benefits for your hospital as well.

Once you make the initial time investment, recertification and audits take less and less time. The process is repeatable and it builds on itself. The changes that certification requires each year may simply be tweaks and patches that do not take long to implement.

As I mentioned before, this certification will also save you time because it gives you a step-by-step guide of what to do should there be a security risk. If you think of it as time invested up-front to better equip you for a security emergency, it’s easy to see that the preparation is worthwhile.

Lastly, HITRUST certification helps you stand out from less worthy competitors. People will be able to see that they can trust you with sensitive medical information. If they go to a competitor’s site and don’t see the certification, they know that they should not do business with them. But your certification will give them peace of mind and encourage them to be confident in your hospital.

 

5. Becoming Secure can be Time-Consuming

 

The certification process takes a long time, so you should get started sooner rather than later. Depending on the complexity of your systems, certification can take anywhere between 4 and 6 months to complete.

To pass the certification assessment, you will be reviewed in 19 different domains and on 135 required controls. Each of these items has its own preparation process and review process.

You can try to shorten this time by making preparations ahead of time and performing self-assessments to ensure that you are as ready as possible when it comes time for the official assessment.

Conclusion

Strong cybersecurity measures make all the difference in your hospital’s ability to cater to the needs of its patients. With the constantly changing and growing uses of the internet, it will likely become more common for patients and doctors to access sensitive information digitally. Make sure that you are ready for this by investing in the necessary certifications to provide a secure interface for your patients.
