Improving Data Protections for Electronic Health Records

January 27, 2020

Today is National Data Privacy Day. Ensuring data protection is a high priority of the Iowa Primary Care Association, our sister company INConcertCare, and our member community health centers. Together, we take protecting patient health records and data very seriously.

In 2019, INConcertCare was awarded a $520,000 grant from the Health Resources and Services Administration (HRSA) to use towards improving various functions of Iowa’s health centers through a Health Center Controlled Network (HCCN).

While there are a variety of ways HCCNs work to provide training and technical assistance to health centers, today we want to focus on just one area: data protection. With this grant, we will be able to thoroughly examine our health centers’ current capabilities and assist them in developing data protection plans during a three-year process. This process includes engaging with a vendor to perform a security and risk audit with a focus on increasing email security and protecting company data through the adoption of various tools and standards.

Currently, the Iowa PCA is working with a team of Information Technology leaders from member Health Centers to define scope and key components of security risk analysis. This team is focusing this effort on the National Institute of Standards and Technology (NIST) best practice. The team is also reviewing Information Technology Disaster Recovery Planning (IT-DRP) models to define scope and approach to breach mitigation/response planning.  Focusing on these goals supports proactive approaches and reactive planning with the goal of improved data protection in all health centers.

In an increasingly digitized era where large amounts of patient data is electronically stored and data security risk continues to increase, the Iowa PCA, our INConcertCare team, and health centers are continuing to evaluate and improve our structures and procedures to maintain and improve data privacy and protection.