As more and more patient data is stored in digital files, secure access to this data is a real necessity, not only to protect against cybercriminals, but also to ensure that only the right staff members have access to the files. That is why hospitals are obliged to carry out an audit to test the security. Trust Guard helps you to prepare and carry out this audit.
In response to various incidents in which staff wrongfully requested patient data and in some cases disclosed this data, the Netherlands Association of Hospitals (NVZ), supported by the Netherlands Federation of University Medical Centres (NFU), decided that a code of conduct should be drawn up, in which the security of digital patient data is laid down. In order to comply with the future “Gedragslijn 1.0” (Code of Conduct for Access to Digital Patient Files), hospitals are obliged to perform an audit.
From zero measurement to audit
The audit looks at the state of your security relating to the access to your digital patient records. Five components are tested:
– Authentication
– Authorisation
– Logging
– Monitoring
– Awareness
This concerns both access to records by hospital staff and the security of your website against criminals trying to gain access. Now that healthcare is becoming more and more digital, with patients making appointments or receiving results via the website, this is even more important than before.
To pass the audit, you must first map out the current state of your security. This is the so-called baseline measurement. This baseline measurement is carried out in accordance with the NEN7510 standards. It gives you a clear picture of your information security. On the basis of this baseline measurement, possible improvements can be proposed to bring your digital security up to the right standard.
A comprehensive scan
Together with partners AssuranceProviders and Cyber Guard we set up a baseline measurement, where Trust Guard takes care of the scanning of the website. The scan assesses the five components mentioned above on the basis of various aspects such as IT security and system management. In addition, compliance with the security policy is examined and the various technical links between your healthcare institution and your suppliers are checked. The findings are reported on the basis of various statutory guidelines such as NEN7510, ISO 27001 and HIPAA.
Based on these findings, we will help you with a plan to take your security to an even higher level before the May 31 audit deadline.
If you would like more information about the audit and baseline measurement, please contact us at gedragslijn@assuranceproviders.eu or by phone at 0297 – 381 303 / 06- 28 35 35 79 87