Solution Providers Have A Role

While every client is different, Spitler said there are some things solution providers can do to improve PHI security for their clients. The first step is to evaluate the client’s sought-after data and perform threat modeling around it to discover some security “quick wins,” he said. As the Verizon report found, many PHI incidents involved device loss or theft, so Spitler said an example of a quick security win could include full-disc encryption. After that, Spitler said, solution providers should look deeper into the data and who has access to it, and look to provide better accountability around data access in case of malicious activity.