Some of the most common phrases to come out of information security professionals' mouths are "Well, that did not work" and "The project fell apart, and I don't know what I could have done better."

Not knowing which security best practices your team can or should implement costs the company time and money. It can also end up hurting the customer and leaving the business liable for damages that take years to pay off.

When it comes to healthcare information security, there is no shortage of practices, tools and supposedly better ways of doing business. No matter what you implement, some of the results simply do not come out the way you expected.

So the question is this: "What are the top best practices in healthcare information security?"

Here are some answers.

Technical Perspective:

Train, train and train some more. Keeping your staff up to date on the latest threats is a great way to make everyone "eyes and ears" for the company. Empower them with information security education so they know they have skin in the game as well.

Domain Access:

Not everyone needs domain access. It does not matter how senior a person's title is or how many initials follow their name; that alone does not mean they should have access to the domain, let alone administrative rights over it. Handing someone the keys to the kingdom is an even worse idea: the target on their back just got bigger, because compromising that one account now compromises everything.
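The practical check behind this point is a recurring review of who actually sits in the privileged domain groups, including members inherited through nested groups. The script below is an added example and is not code from the original post: it lists the members of a few high-privilege Active Directory groups and flags accounts that are disabled, stale, carrying an old password or acting as service accounts, all of which are candidates for removal. It assumes the RSAT ActiveDirectory module is installed and that the account running it can read the domain; the group names, the 90-day and 365-day thresholds and the output file name are assumptions chosen for illustration, not values from the post.

```powershell
# Added example (not from the original post): review membership of privileged AD groups.
# Assumes the ActiveDirectory (RSAT) module is available and the caller can read the domain.
# Group list, thresholds and output path are illustrative assumptions.
Import-Module ActiveDirectory

$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators')
$StaleAfterDays   = 90
$LogonCutoff      = (Get-Date).AddDays(-$StaleAfterDays)
$PasswordCutoff   = (Get-Date).AddDays(-365)

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive flattens nested groups so a user hidden one level down is not missed.
    $Members = Get-ADGroupMember -Identity $Group -Recursive -ErrorAction SilentlyContinue
    foreach ($Member in $Members) {
        if ($Member.objectClass -ne 'user') { continue }

        # LastLogonDate is derived from lastLogonTimestamp, which replicates with a lag
        # of up to about two weeks, so treat it as approximate rather than exact.
        $User = Get-ADUser -Identity $Member.distinguishedName `
                           -Properties LastLogonDate, PasswordLastSet, Enabled, ServicePrincipalName

        $Reasons = @()
        if (-not $User.Enabled) {
            $Reasons += 'disabled account still holds privilege'
        }
        if ($null -eq $User.LastLogonDate -or $User.LastLogonDate -lt $LogonCutoff) {
            $Reasons += "no logon in $StaleAfterDays days"
        }
        if ($null -eq $User.PasswordLastSet -or $User.PasswordLastSet -lt $PasswordCutoff) {
            $Reasons += 'password older than a year'
        }
        if ($User.ServicePrincipalName.Count -gt 0) {
            $Reasons += 'service account (SPN set) in an admin group'
        }

        [pscustomobject]@{
            Group           = $Group
            SamAccountName  = $User.SamAccountName
            Enabled         = $User.Enabled
            LastLogonDate   = $User.LastLogonDate
            PasswordLastSet = $User.PasswordLastSet
            Flags           = ($Reasons -join '; ')
        }
    }
}

# Show everything on screen, then keep a CSV as the record of this review cycle.
$Findings | Sort-Object Group, SamAccountName | Format-Table -AutoSize
$Findings | Export-Csv -Path .\privileged-access-review.csv -NoTypeInformation
```

Run it from a workstation that already has the RSAT tools, on a schedule, and compare each CSV with the previous one: every account that appears in these groups should have a named owner and a reason for being there, and the ones with a non-empty Flags column should be the first to go.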

If the company allows BYOD, ensure that some sort of MDM solution is in place that containerizes the session whenever an employee accesses PHI and/or PII. One area to watch in the MDM space is developer mode: make sure it is disabled on enrolled devices, because a device left in developer mode can render the protections the MDM provides null and void.