How to Ensure Healthcare Data Security

April 1, 2021
April 1, 2021

Everyone leading healthcare organizations in the United States is aware that healthcare data is at risk for hacking attacks. Greater awareness and the institution of tighter healthcare security measures has not done much to discourage the efforts of criminals to gain access to private information. Security breaches in healthcare continue to be common headaches for organizations across the map. If anything, hacking techniques have become more sophisticated and complex as a result. Healthcare security needs to take note and respond. 

Why Is Data Security Becoming Even More Important in Healthcare? 

We’ve spent a decade moving patient information to electronic medical records, so that providers at different organizations can easily connect. Some experts believe that “the next 10 years will be about ensuring the data that has been collected and stored in the cloud is being used in a secure and meaningful way” (Wilking, 2018). The upshot as even more sensitive data and information is stored digitally will be increased regulation and oversight to ensure that security and privacy is protected across healthcare. 

Some of the ways stolen healthcare information can be used involve identity theft, insurance fraud, extortion, and even market fraud. One example is that public figures could be blackmailed about private life details. Another is where corporate leaders could have a healthcare condition that might affect company performance if a leadership succession plan isn’t already in place. Healthcare organizations are hiring more and more cybersecurity professionals to oversee their efforts, especially from industries like the military and financial services, where security has long been something to safeguard. 

Data security is also connected to risk. When a privacy breach occurs, a healthcare organization has also violated HIPAA, which often requires a fine or settlement with the U.S. Government. Private lawsuits can also occur, as can Corporate Integrity Agreements (CIAs) involvement extensive training programs to prevent repeat violations. 

Five Ways to Keep Networks and Data Safe from Hackers 

Health IT Security just released the following five ways that healthcare organizations can safeguard protected health information (PHI) by instituting up-to-date cybersecurity measures. Specifically, the article recommends efforts to bring patient portal security up-to-date and keep networks safe from unauthorized access. Healthcare data security and preventing security breaches in healthcare has never been more important. 

These healthcare data security measures include: 

  • Automated the Portal sign-up process  
  • Protect the initial sign-up process to stop false enrollments into a patient portal. Patients should only need to enter a few pieces of information, just enough to confirm the user’s identity on the back end. 

  • Update all anti-virus and malware software 
  • HIMSS Analytics has stated that 78% of providers had ransomware and malware attacks in 2017. If email is the likely route for deploying malware, conventional security measures must consistently evolve. Outdated anti-virus software can make organizations vulnerable to every new iteration of malware. Institute automatic opt-ins so updates are downloaded and installed as soon as they’re made available. 

  • Use Multifactor verification 
  • After a sign-up, use multifactor verification to ensure all future portal sessions are equally secure. Two-factor authentication adds additional protection on top of conventional login credentials. Require a password or PIN, plus something personal such as a cell phone number, fingerprint, iris scan, or more. For compromised devices or accounts, multi-factor authentication can ensure a network remains safe. Consumers are already used to these measures. 

  • Employ identity solutions to protect patient identities. 
  • HIPAA requires providers to ensure you’re giving access to the right patient. Use measures that can help you confirm a person is who they say they are. Identity proofing questions can be triggered to provide an extra check, when something doesn’t seem right. Biometrics are beginning to supplement existing identity-proving solutions. Communicate the steps your organization is taking to secure patient information, so patients feel about your commitment to data security.   

  • Continue to focus on interoperability standards 

Interoperability ensures disparate systems can share medical histories and data in ways that support outcomes improvement across the continuum of care. Without it, we’ll still be forced to use email, with all its capacity for phishing attempts causing security breaches in healthcare and lapses in protection. 


Davis, J., “Best Practice Cybersecurity Methods for Remote Care, Patient Portals, Health IT Security, March 20, 2020, Retrieved at 

Wilking, M., “5 Ways healthcare organizations can improve data security,” Becker’s Health IT, July 10, 2018, Retrieved at

HealthStream’s compliance training solutions help healthcare organizations across the care continuum comply with government regulations and accrediting body requirements while developing and engaging staff.  In addition to providing essential tools and training to help you remain compliant, we help analyze your training data and provide insight into your training initiatives—enabling you to measure compliance progress, identify outstanding challenges, and determine where to make compliance program improvements.  Our innovative educational content, data solutions, and tools are recognized throughout healthcare as the industry standard for comprehensive and engaging compliance training. 

Request Demo