This blog has previously mentioned the special concern within the IT security community for health records, since these often package lots of valuable information together. To enforce data security, health facilities have to take action and put appropriate policies into place.
To this end, the National Association of Insurance Commissioners (NAIC) has released guidelines regarding the handling of consumer information, particularly as it pertains to the insurance industry. The guidelines set out 12 principles for insurance providers to follow, covering the proper means of protecting sensitive data. Some of the points touched upon by the NAIC include confidentiality and mandating systems alerts, as well as the flexibility for insurers to work with "nationally recognized efforts."
The plan also calls for training for employees of insurers and insurance producers, along with assessment. State insurance regulators are mentioned several times, and one of the points advises them to protect information communicated to or from an insurance department.
In the press release announcing these guidelines, the president of the NAIC, Monica Lindeen, laid out the goals of these principles and the greater industry awareness they will hopefully lead to.
"These principles will serve as the foundation for protection of sensitive consumer information held by insurers as well as insurance producers and guide regulators who oversee the insurance industry," she said.
Best practices for IT security have a better chance of taking root if organizations work with professional healthcare IT consulting advisors for education and assessment. By responding to the standards that apply to their business with appropriate training, care groups, practitioners and other healthcare entities will see consistent opportunities for improvement. Counselling could also make staff more aware of the threats posed by poor awareness.