In the aftermath of the recent cyber-attack on Change Healthcare, which led to the temporary disconnection of numerous customers from their regular data feeds, there is renewed interest in protecting operations and ensuring contingencies are in place.
Business continuity is everything in the aftermath of a cyber-attack. Presently, many healthcare organizations remain in limbo without access to important services, such as claim processing for prescriptions, and daily workflows around auditing and reporting.
Cybersecurity is something that everyone recognizes, but few understand. A successful cybersecurity approach for any organization includes staying current on the latest security advisories, patching vulnerabilities, and proactively looking ahead.
Data Security: a vendor checklist
Credentials, including certifications in data security, are among the first items to be verified in a vendor’s portfolio. While there are many valuable security certifications for SaaS (software as a service) companies (depending on services and customer base), Astra suggests some of the most common ones:
- HITRUST CSF – a gold standard in data security for organizations dealing with protected health information (PHI).
- SOC 2 – a well-known and well-regarded certification for cloud service providers and any organization that stores customer data in the cloud. This certification is issued by outside auditors who assess the extent to which a vendor complies with one or more of the 5 Trust Principles (security, availability, confidentiality, privacy, and processing integrity).
- ISO 27001 – for organizations built around information security and data privacy.
- PCI-DSS – for any organization that stores payment card information.
- HIPAA compliance – for healthcare organizations that conduct electronic transactions, whether financial or administrative.
Additionally, healthcare SaaS vendors should offer the following infrastructures and features:
- Secure Cloud Infrastructure – used to process, store, and transmit protected health information (PHI).
- Secure Data Storage – PHI protection for stored data, in the form of data encryption, secured databases, and reliable backup procedures.
- Multi-Factor Authentication – protects against unwanted user access, helping to prevent security breaches that can harm employees, patients, and the organization.
- Single Sign-On (SSO) – a best-in-class identity and access management solution helps ensure a platform can be trusted to manage user access and authentication.
- Continuous Risk Assessment – a proactive approach to assess and fix evolving threats against the platform and any third-party relationships.
Business Continuity
A business continuity plan (BCP) consists of the critical information an organization needs to continue operating during an unplanned event. It states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.
A credible vendor can offer assistance in detailing how to sustain and maintain productivity and security when faced with the threat of a cyber-attack, even if the solutions are not part of your normal day-to-day workflow. MDaudit’s Director of Implementation and Training, Lizz Fuller, notes:
“A vendor is your partner, your thought leader in the space you partner in together. A vendor should be your trusted partner in good times, to help your company grow, or in challenging times, to help you sustain operational continuity. Vendors should be able to react quickly to support shifting workflows when challenges arise and provide opportunities to keep the stability of your program intact. They should do this by providing and supporting creative and innovative solutions, so you and your organization can continue operations seamlessly.”
Despite the current challenge, the situation offers novel opportunities to explore creative solutions with your vendor while sustaining programs. In the meantime, this is an opportune time to strengthen and renew your relationship with those partners who are working to keep you safe, happy, and productive. Build confidence in your future.