“Data,” according to PriceWaterhouseCoopers, “is quickly becoming one of the health industry’s most treasured commodities. In just the last year and a half, a breach of personal health information occurred, on average, every other day. Breaches erode productivity and patient trust, are costly, unpredictable, and unfortunately quite common.” The consultancy’s Old data learns new tricks: Managing patient security and privacy on a new data-sharing playground describes those “new tricks” for healthcare’s “new playground.”
Debra Beaulieu, in a FiercePracticeManagement brief on an American Medical News report, writes: “The biggest security threat to your patients' health information isn't malicious hackers, as some practices might think, but rather simple carelessness among your staff.”
“A recent $1 million fine against Massachusetts General Hospital after an employee inadvertently left a stack of papers on a subway car teach us that they can have serious consequences.”
"Humans truly are the biggest vulnerability within an organization with regard to security and privacy," said Rebecca Herold, a privacy and data security consultant based in Iowa.
“A February report from accounting firm Kaufman, Rossin & Co. found, for example, that practices and hospitals are most likely to experience a breach because of an employee losing a thumb drive, mobile device or paperwork, American Medical News reports.”
“To avoid these risks, practices need to be aware of the multiple places where their information is stored and how it flows throughout the organization, regardless of whether it is on paper or electronic, Jorge Rey, an information and IT audit manager for Kaufman, Rossin & Co., told Amednews.”
Separately, in an American Medical News Technically Speaking article “How to ensure a lost mobile device won’t cause a data breach,” Pamela Lewis Dolan observed “With an estimated 80% of physicians using a mobile device on the job, a lot of patient data is vulnerable to breaches unless steps are taken to protect it. Data encryption is the one thing that protects physicians from having to report a breach if data go missing.”
Ms. Dolan identifies several steps providers can take to secure data on mobile devices, including:
- picking the right device by explaining to the mobile device vendor exactly what you will use the phone for and what you need to have encrypted using an encryption app and
- not assuming that data on a cloud-based app are safe.
“In most cases, breaches happen not because people have malicious intents. ‘The real lesson,’ Kevin Haley, director of product management at Symantec Security Response, said, ‘is that people are not evil, but curious. So we really need to protect this data.’”
CSO Security and Risk reported in Healthcare security needs a booster shot, “theft of records accounted for 66 percent of reported health data breaches during the previous two years. Also, just over one-third of hospitals and physician groups reported cases of medical identity theft. And 54 percent of health organizations reported at least one issue with information privacy and security over the past two years.”
“Pete Lindstrom, research director at Spire Security, warned: ‘The industry is exposing the data to the world and making more complex apps, and they're getting hacked as a result.’”
“As one would suspect, commonly it's insider improper use of protected health information, with 40 percent of providers saying that has happened in their organization during the 24 months prior to the survey.”
Apparently, establishing and maintaining healthcare data security are not mere “the sky is falling!” or “cry wolf!” problems. On Mar 28 2012, SiloBreaker linked to a WSJ.com Video – News report, FBI Cyber Chief: U.S. Losing War Against Hackers. “We're not winning,” FBI executive assistant director Shawn Henry said. “An organization must monitor its data system with the assumption that you have already been breached.”
“The capabilities of hackers with the software tools at their disposal too-often make them more successful at getting data than the people who are paid to prevent unauthorized access to data.”
Managing data must be taken seriously. Having a secured database improves your relationship with contacts and clients.
Posted by: Shania Simpsons | 04/30/2012 at 08:20 AM
Absolutely right, Shania. Unfortunately a secure db or ensuring "eyes only" PHI is on the "back burner" while providers are in the throes of implementing and adopting EHR and CPOE. DB security and preventing PHI breaches demand significant time and multitasking, both of which are in short supply.
Posted by: Kel Mohror | 04/30/2012 at 09:25 PM
As a healthcare organization, you are confronted with staggering volumes of PHI, PII, and other sensitive data. The aggressive push towards electronic records management, combined with patient information privacy laws, has placed your IT infrastructure under enormous pressure. You need a flexible solution that can handle the vast amount of data, while offering federally-compliant strong security you can depend on.
Posted by: adt home security systems | 07/19/2012 at 10:13 AM
I agree with this article. For me, any kind of data should be very secure. In Finland there are a lot of people who secure their data very well through security products such as fireproof cabinets and other cabinets that will surely keep your data treasured and safe.
Posted by: Aila Laine | 12/04/2012 at 11:07 PM
Thanks all for your comments. It's so good to have people actively making efforts to improve the security of all systems and data!
Posted by: Jonena Relth | 12/05/2012 at 07:44 AM