Healthcare Data Access Regulation: How Organizations are Encouraging Employee Error
Over the last few months, organizations have witnessed a whirlwind of new cyber attacks and breaches. Healthcare providers have long blamed most breaches on employee error and negligence, with various studies and reports revealing that the majority of healthcare breaches are a result of internal actors. And while this may be partially true, the fact remains that many organizations contribute to the problem themselves. Not through a lack of training or resources, but through a lack of proper data access regulation.
The 2019 Global Data Risk Report from Varonis shows that 53 percent of companies exposed 1,000 sensitive files to all employees, with this number expected to increase over the coming years. This means that sensitive data from both employees and patients is constantly left exposed for any employee to access. This occurs as a result of either improper data storage, incorrect permission settings or out-of-date permission settings.
Moreover, the report shows that organizations are also falling short when it comes to monitoring data. Over half of most company data consists of out-of-date information, inactive user accounts and non-expiring passwords. The time it takes to audit this ocean of data makes its virtually impossible for data oversight employees to review files and fix access issues.
While one cannot deny the detrimental effect of employee error on healthcare security, it is clear that organizations are not cutting the problem at the knees. If organizations learn to manage data well and limit access to those who need it, the chances of negligence will decrease considerably.
Both national and international regulations such as HIPAA and the GDPR require that providers keep sensitive data safe. This not only includes having strong cyber security precautions in place, but also regulating and controlling access to data as well. Moreover, cleaning out stale data makes data storage cheaper, security tighter and minimizes the chances of sensitive data being stolen.