
Stemming data disasters: How to improve healthcare data security

By Thomas Lewis / Special to Healthcare Facilities Today
June 30, 2015

Healthcare providers today are under intense pressure to ensure that their patients’ private information — personally identifiable patient information, healthcare treatment and medical history — remains secure. The new reality is security breaches are occurring with alarming frequency. In fact, the research firm IDC estimates 50 percent of healthcare organizations experienced between one and five cyber attacks in 2014.  

And a recent study from the Ponemon Institute, sponsored by ID Experts, paints an even grimmer picture. Their research concludes that 91 percent of organizations have suffered a data breach in the past two years, 39 percent have experienced more than two and 40 percent have suffered more than five.

The stakes are incredibly high for healthcare companies — a loss of data will destroy patient trust, causing them to search for other providers that they believe can keep their information secure. And there are significant penalties that can be levied for not keeping patient data secure. 

The Office of Civil Rights can fine organizations that do not take the proper precautionary security measures up to $1 million for a data breach. OCR’s stiffest penalty was issued last May, when it hit New York-Presbyterian Hospital and Columbia University with fines totaling $4.8 million for failing to secure the electronic health records of 6,800 people. While the federal government has only issued fines for 22 data breaches to date, healthcare organizations should be proactive about improving healthcare data security.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted as a broad Congressional attempt at healthcare reform — primarily to ensure the security and confidentiality of patient information — and to mandate uniform standards for electronic data transmission of patient health information. 

In 2010, the Affordable Care Act brought a surge in the number of patients with electronic health records. This has exponentially increased the amount of information that organizations storing healthcare data must secure, making their task that much more challenging.

Here are a few areas to examine for improving your healthcare data security:

Don’t neglect encryption 

Granted, it’s not always cheap to encrypt data; the totals can run into the hundreds of dollars per user, but it’s worth it. Robust encryption can insulate you from HIPAA fines and provides an added layer of security that helps foster trust with your patients, making the investment well worth the cost.

Strengthen data management policies 

While controlling the end user can be difficult, companies can mitigate their risks by putting security systems in place to help keep users from doing improper things with data. For instance, there are some networks that will allow a doctor to download patient data to Dropbox. That’s a big no-no. To make sure patient information is secure, organizations need to develop strong data management policies to minimize healthcare data breaches.

Educate the end user 

Talk to most cybersecurity experts and they will tell you the same thing: cyber breaches typically start with people. For all the stories of sophisticated hackers, data is typically put at the most risk by ordinary employees being careless or ignorant of the risks.

Instead of just telling doctors not to use Dropbox, explain why it is harmful. Be proactive and provide them with secure tools to achieve their objectives so they won’t resort to unsafe and dangerous methods that put patient data at risk. 

Review physical access controls

While managing the risk around physical security in a hospital can be a daunting task, don’t neglect strong physical access controls and policies. While the majority of healthcare information is stolen online, there are cases where data centers were physically broken into and the servers containing valuable information were stolen. 

Malicious intruders might include a disgruntled former employee corrupting networks to allow outside access or providing credentials to criminals. It’s imperative that your facility has the right robust physical security protocols in place to monitor the actions of everyone who comes into contact with the building, even your own employees.

What this means for you and your patients

If you carefully consider and implement the controls and strategies discussed here, you will be better prepared to protect your organization’s healthcare data. Data breaches have become an all-too-common experience, but with the right preparation you can greatly reduce your organization’s risk of being breached and/or penalized, which could result in even greater financial losses due to the mass departure of patients. Taking appropriate security measures gives your patients confidence that their data is secure and increases the security of your business.

Thomas Lewis is a partner-in-charge of LBMC Security & Risk Services.

 
