How Strive Health Ensures Data Security: A Comprehensive Six-Step Approach
Author: Strive Health
Digital tools can make life easier and streamline the healthcare experience. Healthcare providers use electronic health records (EHRs) and digital systems to manage patient information and deliver better care.
Although technology improves care, it can also raise concerns about the security of sensitive patient information.
“A holistic security program is like an onion,” said Gabe Stapleton, VP of Security and Enterprise Technology at Strive Health. “There are multiple layers of protection in place. So, when one layer fails, several more are still protecting your information.”
Learn how Strive keeps healthcare information secure — and how individuals can apply the same approach to protect their own personal data.
A Data Security Program Built on Trust
Strive built its security program using the gold standard from the very start. Strive maintains a HITRUST CSF® certification, which Stapleton calls “the foundational layer of a good security program in healthcare.”
Strive takes over 300 security measures to protect patient data and limit access points to sensitive information. They fall into the six steps HITRUST recommends for maintaining a robust security system:
- Identify — Find the assets you need to protect and create a safety plan.
- Protect — Put layers of defense into place.
- Detect — Receive alerts so you know when something goes wrong.
- Respond — Plan for and react to a security alert.
- Recover — Retrieve the data lost after an incident.
- Repeat — Cycle back through each phase to improve security.
Data security risks don’t exclusively stem from technology itself. Often, they stem from how people use technology. Strive provides thorough, ongoing education to all Strivers, aka employees.
“The primary method of attack is through phishing emails and scams,” Stapleton said. “We train and test employees so they can identify phishing emails and know what to do if they receive one.”
Strive’s technology systems all require two or more credentials to log in, a security measure called multifactor authentication.
“We do this across our entire company as an initial stopgap if a password is compromised,” Stapleton said.
6 Steps to Improve Personal Data Security
Most people rely on the Internet to communicate, shop and so much more. People share bits of personal information in many different places online. To protect personal information, use these same steps.
First, it’s helpful to start with the fundamentals. Stapleton recommends people start with training resources like those offered by the state of Pennsylvania to learn about cybersecurity. These resources provide valuable context for this six-step approach.
Step 1. Identify
• Create a list of your accounts — email, social media, banking — and prioritize protecting the critical accounts first.
• Create a list of your devices: phone, laptop, tablet, smart home devices and home network.
Step 2. Protect
• Use passwords, fingerprints or facial recognition for all your devices.
• Create a unique password for every account. Never reuse passwords.
• Find a password manager to help you keep track of login information and passwords.
• Use multifactor authentication on any accounts that offer it. If critical accounts with sensitive information don’t offer multifactor authentication, consider switching to another provider that does.
• Receive training on how to protect yourself online. Your actions are your first layer of defense. Learning how to spot threats online will keep you safe.
Step 3. Detect
• Configure alert settings in your accounts and devices. Have them text or email you when they find suspicious activity.
• Sign up for a credit monitoring service (some credit cards come with these). They will alert you to changes in your credit and suspicious online activity associated with your email account.
Step 4. Respond
• When an account detects suspicious activity, change your password quickly.
• You may have provided information online that you shouldn’t have. As soon as you realize it, access the correct site and change your account password.
Step 5. Recover
• Social media accounts are difficult to recover from an attacker because the sites don’t verify your identity upon joining. Therefore, they can’t verify whether you or the attacker rightfully owns the account.
• You can recover your profile for banking sites or other platforms that verify your identity when you join. Contact the institution as quickly as possible after an attack so they can stop all account activity until you are back in control.
Step 6. Repeat
• Regularly implement these steps for all accounts on your list.
By layering protection, Strive keeps patient data more secure. The same approach can also be applied to safeguard your personal data online.