As health care organizations make the switch to completely electronic health records, the threat of security breaches becomes more of an issue. News reports of data breaches at hospitals, insurance companies and other health care organizations keep millions of consumers on edge, unsure if their sensitive medical records and financial information are safe.
Medical data is some of the most sensitive information about a person. Health care providers are aware that, for many consumers, personal health information is not something they would freely share with even their closest family members, let alone complete strangers. In fact, the doctor-patient relationship is one of only a few relationships whose confidentiality is protected by law.
Medical records are much more lucrative on the black market than simple credit card information. In addition to financial information and Social Security numbers, a person's medical data can include prescriptions, surgeries, procedures, insurance information and other details that make it that much easier to steal their identity and get away with it. At the worst end of the scale, thieves could blackmail a person or demand ransom to keep the information under wraps, especially if the victim is a person of power or great wealth.
The 1996 passage of HIPAA, the Health Insurance Portability and Accountability Act, along with the strict privacy rules and regulations that came with it, leads many health care consumers to believe their sensitive data is safe and secure. The myriad of recent security breaches at organizations such as Premera Blue Cross tells a different story. Symantec's annual Internet Security Threat Report shows that 2014 saw a 25 percent increase in incidents at health care organizations compared to 2013, with 116 total incidents reported for the year. Considering the types of information health care organizations are privy to, these numbers are alarming.
To begin to remedy the problem, hospitals, insurance companies and other health care organizations must implement multiple strategies. Physical security is one of the simplest aspects of protecting consumer information. Employees who work with highly sensitive data need to be thoroughly trained to protect their computers, devices and passwords in the same way they protect their own information.
Even with health care workers protecting their devices with their lives, a deeper problem is the slow updating of information and poor connection between devices, which makes it easier for hackers to strike. Many hospitals and clinics are still relying on outdated computer systems and applications that present many security holes for cyberattacks. The IT professional's main role, in addition to keeping a health care organization's computer systems up and running, must include protecting users' privacy by ensuring all data remains secure.
"We are moving in the right direction in regard to putting better privacy protections in place, but we have a long way to go," says Dr. David Baumer, head of business management at North Carolina State University. While there is no instant fix to the issue, it is important for health care organizations to begin focusing on the importance of data security. Security awareness training and use of third-party security services are good first steps.