Enhancing Security in the US Health Sector

Confidentiality, Privacy, and Security in HIPAA and HITECH ACTs The increasing rate of greatly publicized security breaches has sparked changes in the attitudes of consumers and business owners. Business leaders can no more neglect the dramatic consequences that security breaches have on company reputation. In the meantime, consumers now demand more remedies and communication from business after a security breach incident. Therefore, this subject remains one of the greatest priorities confronting businesses in all sectors, including healthcare.

The two cases present two principal security threats: Mobile Devices (BYOD) and Medical Records Theft. Data theft is greatly vulnerable in cases where employees use mobile gadgets, particularly personal devices, to access company information, share data or ignore to change mobile passwords. According to a recent survey, mobile security breaches have affected over 70% of international firms in the last 12 months only (Gupta et al. 2012). In fact, as more companies adopt BYOD, they confront the threat of exposure from those gadgets on the corporate network, including through the VPN.

This could occur given that an app installs malware which could access the device's network connection. Healthcare security is currently a global concern. In fact, in 2015, medical records of over 40 million Americans were breached (Gupta et al. 2012). Almost half of these were a result of cyber attacks. A single attack exposed over five million patient records. Following the increasing value of medical records on the black market, it is a matter of time before fraudsters start targeting healthcare organizations and hospitals in general.

A recent survey by the Ponemon Institute highlights that the rise in medical identity theft has triggered an increase in unbudgeted costs to healthcare sector thus compounding further budgetary pressures. Estimates indicate that roughly 70% of the victims pay insurers, health care providers, lawyers and identity services with their personal cash, with the average costs adding up to $14,000 to handle these cases (Dawson & Omar, 2015). Indeed, organizations need IT engineers and specialists with sophisticated skills to defend and prevent against sophisticated cyber attacks.

However, nowadays, it is hard to find tech talents with these skills. Precisely, this problem is complicated by few factors: Stiff competition. In the business world, competition for top security experts is fierce. As companies and hospitals adopt electronic records, they require more security to safeguard their sensitive customer data. Budget issues. Following the rising need for talent and the declining supply of professionals, compensation for security engineers has hit the skies. Thus many organizations are unable to afford. Outdated technology.

Companies in all industries are highly prone to these attacks because they take long to adopt new technologies and software Part II While fixing the two security breach issues, companies can take a few steps to secure their organizational data: Data encryption: Companies should emphasize on data encryption on all portable devices. Reports indicate that as per 2010 to date, the theft or loss of unencrypted portable devices have been accountable for all breach incidents and affected over 50% of all medical records put at risk (Hea, 2010).

However, encryption holds numerous hurdles such as budgetary constraints, user training needs, and complex technology. As costly as it may look, it cannot compare with the cost of a major breach event because of a stolen device full of PHI. The costs of attorney's fees, forensics, reparations, civil penalty and negative publicity could run into millions of dollars. Organizations must invest in education: The breach problem partly links to how firms fire IT talent. Many organizations prefer over education.

Hence young, promising professionals are neglected for positions, which need advanced skills (Gupta et al. 2012). Besides, developing powerful collaborations between universities and employers could help better train the future generation of security experts. Such relationships could promote training opportunities and internship programs to groom young professionals and link them with the employers. Specifically, companies should invest in professional development, training and seminars for current staff to help boost security. With the desire to be ahead of the hackers, companies must be updated on the latest software and technology (Hhs.gov.

n.d.). Concerning BYOD, companies must ensure they have a carefully spelled out BYOD policy (Hea, 2010). A BYOD policy enables employees to be better educated on device expectations and organizations can better monitor documents and emails which are being downloaded to the firm or individual employee devices. Effective monitoring provides organizations with the visibility into their mobile data loss thus enables them to point out exposures in case mobile devices are stolen or lost (Dawson & Omar, 2015).

With the creeping of unsanctioned consumer devices and apps into the workplace, security experts should look to.