Review: Protecting Patient Information
About the author
Paul Cerrato has more than 30 years of experience working in healthcare and has written extensively on patient care, electronic health records, protected health information (PHI) security, practice management, and clinical decision support. He has served as Editor of InformationWeek Healthcare, Executive Editor of Contemporary OB/GYN, and Senior Editor of RN Journal.
Inside Protecting Patient Information
If you are a decision maker in a healthcare organization, and you are not convinced that you need to do more to protect patients’ data, just take a look at this list of breaches of unsecured protected health information that happened in the last seven years in the US.
Decision makers at all of those organizations likely thought that a data breach wouldn’t happen to them, but it did. Fines had to be paid, security measures implemented, protection services offered to affected patients – not to mention that the victims lost trust in the organization, and some opted to sue them. Think about legal fees. So why not get a head start and avoid the worst by implementing the best protection you can muster?
This book will help you get a good idea of what can go wrong, help you calculate the cost of security, do a risk analysis, choose the right solutions for reducing the risk of a data breach (policies, procedures, employee education, encryption, access control, cybersecurity insurance, mobile device security, medical device security, etc.), and clear up misconceptions you might have about HIPAA.
It will also explain why you need to have a data breach response plan in case one happens and who you need to call in to help.
It’s a relatively short book, and you won’t get everything you need from it, but it’s a good primer that condenses the main points of the regulations protecting patients’ data, and you will get some helpful tips. It’s a good way to get a sense of what you’ll be in for if you start the journey.
The author says that one of the aims of this book is to convince the reader of the importance of security and the cost of insecurity, and I believe he has done a good job. I can imagine the IT staff using it as a way to get the higher-ups to think on the subject and do something about it.
It’s an easy read, and less tech-savvy readers should have no trouble understanding it.
Another good thing to note is that this book is primarily aimed at US-based healthcare organizations and professionals. Professionals in other countries can learn about security policies, procedures, and solutions, but will have to do their own research about the legislation their own countries have put in place to protect health information.