When Premera suffered its devastating security breach earlier this year, losing 11 million patient records, the question on everyone’s minds was: How could it have been prevented? Many marveled at the fact that the company — along with others like Anthem — hadn’t bothered to encrypt its sensitive patient data. And while Premera and Anthem’s sizes and the volume of records they handle certainly made them prime targets, these situations also highlight the risks posed to much smaller firms — especially those that might not appear to have the latest and greatest security methods. The truth is, cyberattacks will probably increase in frequency, and as health insurance agents continue to handle complete medical records, they must take particular care to protect their sensitive client information.
Patient information is extremely valuable — and extremely expensive, costing healthcare organizations an average of $2.1 million per breach. Though cyberattacks are the largest threat, insider threats from malicious or simply careless employees are close behind. There are precautions insurance agents and firms can take to keep their clients’ information safe. Really, these are precautions agents must take. Updates to the HIPAA and HITECH regulations mean that you also need to be mindful of these rules, on top of practicing general good security.
Here are a few tips to keep in mind to boost productivity, maximize security, and assuage clients’ worries.
1. Accept the inevitable.
We’ve addressed the increasing inevitability of breaches, but the other inevitability is the cloud. Businesses may be moving quickly toward universal cloud adoption, but individuals are moving even faster. More than 40 percent of American employees use their personal smartphones, tablets, or computers for work, and 83 percent of employees prefer to use cloud apps than on-premise equivalents. With such strong momentum, fighting the cloud or denying employees access to it may only set you back, or hinder your ability to block a breach.
2. Encrypt your files and folders.
Clients entrust their agents with their most personal information, so it’s essential to keep that data safe. Storing client files in the cloud can be a great asset to your agency’s workflow, making files easily sharable, accessible on the go, and retrievable from anywhere. But it’s absolutely critical to protect these files in the cloud with adequate encryption. File-level encryption protects the sensitive data itself — not just the place where it resides, which, as you can imagine, is much safer. Such encryption is seamless, so you can store and share files as usual, but they’ll remain encrypted and accessible only to authorized users. So, say your cloud service is hacked, files that are synced to the cloud and encrypted remain impenetrable — and your clients remain unscathed.