By Jennifer Lonoff Schiff
May 24, 2017
To avoid violating regulations, which could result in tens of thousands of dollars (or more) in fines and in negative publicity, healthcare providers must ensure that their facilities are compliant and must stay constantly alert to security threats.
And “while the governance of information causes headaches for IT leaders across all industries, when it comes to healthcare, the myriad of confidentiality and privacy concerns for CIOs and health information management administrators creates added complexity,” says Ken Mortensen, data protection officer at InterSystems. One slip-up and “IT leaders risk exposing [sensitive] health information, or, even worse, contributing to an unfortunate patient outcome.”
Following are four of the biggest IT issues hospitals and healthcare facilities must deal with and steps they can take to avoid violations and breaches.
“HIPAA [the Health Insurance Portability and Accountability Act] states that healthcare providers must use ‘appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information,’” says Kate Borten, founder of The Marblehead Group. “This caveat has become a headache for healthcare IT managers, especially as more healthcare teams are using mobile devices to view sensitive patient data outside the walls of healthcare facilities. This can make it all too [easy] for hackers to view and capture sensitive or confidential patient information for unauthorized use.
“Fortunately, there are a number of ways healthcare teams can reduce the risk of hacking and improve the physical security and privacy of patient information,” she says. Hospitals can install privacy screens or filters on all computers and mobile devices, or require that staff use them, so that no one looking over a user’s shoulder can read confidential information. And they can require that all patient data on those devices be encrypted, so that a lost or stolen device does not expose it.
“It’s imperative that more healthcare organizations adopt stricter data encryption policies based on PHI disclosures,” says Ken Adamson, vice president of product management at Proficio. “Encryption should be embedded directly into files [as well as used in email], with set user permissions to control who accesses information. If healthcare organizations don’t use encryption, they run the risk of having to pay hefty fines in the event of a data leak.”
“More than 4,000 ransomware attacks occur daily, the majority of them in healthcare, thanks largely to the high value of medical data on the black market,” says Rod Piechowski, senior director of health information systems at HIMSS. “In addition to recovery costs and collateral damage to the brand, ransomware can also be a threat to an organization’s HIPAA compliance, because it compromises the security of confidential patient data.”