Best Practices for Managing Data Risk in Healthcare
Adam Winston, WatchGuard field CTO, says policies that govern the use of AI applications need to be implemented internally within organizations.
“General-purpose tools employed by end users should not be used to process or upload protected health information or intellectual property; instead, look for purpose-built products that adhere to the HIPAA rules or are targeted for automating some of these tasks,” he says.
Jackson says organizations should start by classifying and mapping their data: “If you don’t know what you have or where it resides, you’re operating blind.”
“From there, embed privacy and security — such as endpoint protection and extended detection and response — into your systems from the start, not as an afterthought,” he says.
Regular risk assessments, strong access controls, encryption and continuous staff awareness training (not once a year) should be standard practice.
“These aren’t optional; they should be considered mandatory for protecting sensitive health data and are key elements of security management,” Jackson says.