Cybersecurity awareness: Protecting data and patients
In today's increasingly “connected” world, where much of the patient information that we handle is in electronic form, we can't maintain patient privacy without information security. Patient information must be protected at all stages of the information lifecycle: when the information is created, received, transmitted, maintained, and destroyed. The Health Insurance Portability and Accountability Act (HIPAA) Security Rule mandates the protection of electronic health information with physical, technical, and administrative safeguards.[1] It also requires covered entities and business associates to implement cybersecurity awareness and training for all members of the workforce, including management.[1] In addition, the HIPAA Privacy Rule governs the permitted or required uses and disclosures of protected health information, regardless of the medium.[2]
Protecting information isn't just a function of the information technology (IT) department; it's the shared responsibility of everyone within an organization. This responsibility extends to end users, such as nurses, physicians, unlicensed assistive personnel, technicians, and other staff, including interns, volunteers, consultants, contractors, and researchers. Technology safeguards alone can't make an organization secure; however, knowledgeable employees can help reduce risks.[3] This article discusses what nurses must do to promote cybersecurity and maintain patient confidentiality.