Deadline for Code of Conduct on Access Security for Hospitals is rapidly approaching!


As more and more patient data is stored in digital files, secure access to this data is a real necessity, not only to protect against cybercriminals, but also to ensure that only the right staff members have access to the files. That is why hospitals are obliged to carry out an audit to test the security. Trust Guard helps you to prepare and carry out this audit.

In response to various incidents in which staff wrongfully requested patient data and in some cases disclosed this data, the Netherlands Association of Hospitals (NVZ), supported by the Netherlands Federation of University Medical Centres (NFU), decided that a code of conduct should be drawn up, in which the security of digital patient data is laid down. In order to comply with the future “Gedragslijn 1.0” (Code of Conduct for Access to Digital Patient Files), hospitals are obliged to perform an audit.

From zero measurement to audit

The audit looks at the state of your security relating to the access to your digital patient records. Five components are tested:

– Authentication
– Authorisation
– Logging
– Monitoring
– Awareness

This concerns both access to records by hospital staff and the security of your website against criminals trying to gain access. Now that healthcare is becoming more and more digital, with patients making appointments or receiving results via the website, this is even more important than before.

To pass the audit, you must first map out the current state of your security. This is the so-called baseline measurement. This baseline measurement is carried out in accordance with the NEN7510 standards. It gives you a clear picture of your information security. On the basis of this baseline measurement, possible improvements can be proposed to bring your digital security up to the right standard.

A comprehensive scan

Together with partners AssuranceProviders and Cyber Guard we set up a baseline measurement, where Trust Guard takes care of the scanning of the website. The scan assesses the five components mentioned above on the basis of various aspects such as IT security and system management. In addition, compliance with the security policy is examined and the various technical links between your healthcare institution and your suppliers are checked. The findings are reported on the basis of various statutory guidelines such as NEN7510, ISO 27001 and HIPAA.

Based on these findings, we will help you with a plan to take your security to an even higher level before the May 31 audit deadline.

If you would like more information about the audit and baseline measurement, please contact us at gedragslijn@assuranceproviders.eu or by phone on 0297 – 381 303 / 06- 28 35 35 79 87.
