April 29, 2016

4 Ways Hosting Providers Ensure Cybersecurity for Healthcare


The transition to electronic health records (EHRs) has vastly streamlined healthcare practitioners’ access to patient information over the past ten years and paved the way for more efficient, personalized care. However, with growing efficiency and quality of service have come the responsibilities associated with protecting some of the most valuable data in any industry through high-quality cybersecurity.

In fact, some analysts are referring to 2015 as the year of the healthcare data breach. Now in 2016, it is time for healthcare organizations to take stock of their online infrastructure and critically ask whether their cybersecurity plans are robust enough to defend against emerging threats.

Be Proactive

The first step in becoming proactive is taking a holistic approach to securing every facet of an organization’s infrastructure. From the physical data servers, to the various applications, to specific operational protocols, an IT department must take inventory of every piece of infrastructure and assess it from a cybersecurity point of view.

For physical data center security, best practices ensure that servers are located in a secure facility with 24/7 security, including security cameras and restricted entry. Ideally, your organization will also use an enterprise-level anti-virus system, web application firewalls and 24/7/365 monitoring of your servers to manage security threats in real time. In the event that something does go wrong, having a regular backup schedule and recovery plan is crucial for avoiding downtime.

Perform Risk Assessments

Conducting risk assessments is a required component of your website’s annual HIPAA audit. The purpose is to assess the administrative, technical and physical safeguards in place in order to uncover potential weaknesses in an organization’s cybersecurity plan.

However, new hacking techniques emerge on a daily basis. As a result, healthcare organizations should conduct additional risk assessments at random intervals throughout the year in order to identify threats and vulnerabilities as the organization changes.

Ready an Incident Response Plan

Even the most well-prepared IT department will experience an incident at some point. However, the scale and severity of that incident can be tempered by having a response plan already in place so you can act quickly and decisively in the face of a hack.

While each incident response plan will be different depending on the unique characteristics of your organization, there are certain elements that are common to each. In particular, you should know who to contact and when in the event of a security breach. Most of the time, the first call will be to your hosting provider, although you should also identify specific points of contact and communication channels internally so that your team can coordinate a response to the attack immediately.

In addition, containing the attack as early as possible will be crucial in limiting the damage caused to your organization’s systems and infrastructure. An effective incident response plan will include a containment strategy that is based on an inventory of your servers, applications and environments.

Encrypt Data

Data encryption is a must when it comes to storing electronic protected health information (ePHI).

Final Thoughts

Ultimately, HIPAA is about establishing privacy and security at the forefront of all transmission, storage and use of ePHI. Data encryption, being proactive, establishing an incident response plan and performing risk assessments are some practical applications for security standards and are ways to ensure you’re taking a holistic approach to protecting ePHI.

At Edge, we take the guesswork out of HIPAA compliance with our hosting solutions. We provide a fully managed, HIPAA-compliant hosting platform for databases, applications and websites. Not only do we stand by our work by signing Business Associate Agreements, we strive to exceed the expectations under HIPAA so that your online infrastructure is as protected as it can be both now and into the future.
