Educational institutions collect various types of sensitive information from students and employees. For students, personal identifiable information (PII), health records and, sometimes, parent credit card information is collected and stored in addition to their school performance records. Higher educational systems may be involved in research that is considered confidential and proprietary. Hackers generally target organizations where they may get the most personal health information (PHI). Healthcare and education are a prime target not only because they have a vast collection of PHI records, but also because they are known to have a weaker defense mechanism. That is the very reason why it is so vital for schools to evaluate the security vendor of the available Student Health Record (SHR) solution prior to making their purchasing decision.
Security is a process. It starts with identifying the sensitive information data set, its location, who should be authorized to access it, and how to best secure it based on the known threats. Security policies document these details and provide employees guidance on how to protect the private information. Then, it’s all about the execution and a life cycle of learning and improving.
Because schools are a common target for security breaches, it is vital for schools to have a detailed protocol in place. Following the set security processes that have been successfully implemented ensures that human error will not be the cause of a PHI leak or threat.
Schools deal with a variety of vendors and each vendor should be expected to have a security program in place. Just like the school itself, its vendors must protect the school’s data assets whether that’s from an external or internal threat. Here are some requirements schools should consider when selecting new SHR vendors: