It’s rare for a week to go by without news breaking of a data breach at a top company. As such, I continually receive questions about what our Partners can do to reduce their risk of such a breach within their own business. In a previous post, we outlined the biggest threats to data security and privacy in healthcare; today, I want to share what you can do to protect the personal healthcare information (PHI) entrusted to you by your customers or employees from breach or fraud. Here are my top tips:
Just get started.
What should you do to keep bad actors away from your systems? My No. 1 data-protection tip for any Partner using our WEX Health Cloud platform, or even pertaining to your own data in your own business, is to get started. Consider how you’re leveraging the existing tools and services already available to you, and you don’t have to rely entirely on your IT team to do so. For instance, our WEX Health Cloud platform has numerous security and fraud prevention features built in that Partners can choose to leverage. These security features aren’t mandated; our Partners need to choose for themselves which they’re going to enable for their use of the system. It comes down to how you train your staff to leverage the tools and services available to them to reduce your risk.
Give data security the attention it deserves.
When evaluating SaaS solutions, many companies are most focused on availability or the performance or scale of a solution. That’s important stuff, but not as important as trust. When you bring your business and all your data to a SaaS solution and begin to look at that solution as a service provider, you must trust that the provider can provide security and infrastructure that’s not only as good as what you have now, but much better. Look for any SaaS company you partner with to take that partnership with you very seriously to ensure their services become a seamless extension of the services you provide.
Don’t react. Hunt.
In the world of security and fraud prevention, a lot of the technology has been structured around preventing financial and data loss. However, in data security, there’s recently been an important shift in focus away from preventing or reacting to breaches toward actively “hunting” for them. By restructuring your security processes so that you’re concentrated on hunting out a breach and limiting its negative impact rather than preventing it, you’ll ultimately do more to protect yourself and your customers. That’s because it’s not a matter of if a data breach will happen but when and you need to take proactive steps before it does to minimize its overall negative impact. While this sounds scary, this concept is exactly why we all have smoke detectors, sprinkler systems, evacuation procedures, posted exits and fire drills. Those are all proactive measures taken before a fire happens to reduce the damage when it does. To limit the negative outcomes, do your best to prevent, but detect and react fast.
For more on the best approach to data security, we invite you to watch our video about data security in the healthcare space here.