Security and privacy issues have always been a prominent concern.
But the rapid growth of EHR systems and the use of data analytics are increasingly creating opportunities for data compromise to occur.
Information systems have so much untapped promise for the future of healthcare and data security professionals are witnessing profound changes in the security needs of healthcare practices. Data security must now work harder and become smarter to survive.
Preventing the next cyberattack is no easy feat and requires special expertise. Electronic data may hold promise for healthcare, but weak security is healthcare’s greatest new threat and ongoing challenge.
A growing threat
Cyber attacks are no longer science fiction and for healthcare practices today, they represent an ever-present reality. This past year, many prominent organizations such as Premera, Anthem, UCLA Health, Excellus, CareFirst, and others announced significant data breaches.
With so many large healthcare organizations experiencing data breaches, the new total number of patient records compromised within the past five years now exceeds 143 million. In 2015, more than five times as many hacking incidents occurred than in 2010, or 57 compared with 10, respectively.
In fact, 99 percent of all individuals who were impacted by data breaches in 2015 were victims of a hacking incident. The Ponemon Institute estimates that hospitals, clinics and doctors lose more than $6 billion each year to cyber attacks. Their recent report highlights the size and scale of this problem–90 percent of the participating organizations they surveyed were victims of cyber attacks within the past two years, with almost half were attacked more than five times.¹
Strong security is the answer. Because security threats present themselves inside and outside of the office, it is more important than ever to be ready and prepared. Good security is not an event–it is a process, and an essential part of every healthcare and chiropractic practice.
Thankfully, there are resources and tools available to help you protect yourself, your practice, and your patients. Just as the security threats are bigger and scarier, the security solutions are now more powerful and insightful than they were before.
Staying ahead of security breaches requires today’s EHR vendors, billing and claims clearinghouses, and other companies that store, process, and use healthcare data to use next generation security. Looking for the right vendors who understand these important responsibilities and commitments is essential.
Healthcare data security is also much more than securing your EHR system. Being proactive and thoughtful about information security may help you identify problems before they occur. Your own due diligence is an essential part of combating cyberattacks and preventing breaches.
Conducting audits, eliminating points of access for unauthorized users, and enlisting the help of your staff and partners prepares you to address upcoming security challenges.
If you still need to really commit to protecting your patients’ data, you can start by conducting a security audit to assess your current level of risk and identify preventative steps to take and changes to implement in your office practices, physical security and technology use. The Federal Government’s HeatlthIT website has information about how to conduct your security risk assessment.
From there, you can begin making changes to your practice based on how well you performed. You should also ask your EHR vendor how you can partner with them to strengthen your computer security practices. Keep in mind that all computers should be kept physically protected as well. If you use other types of devices such as smartphones and tablets or other easily-stolen portable EHR portals, these should also be kept away from unauthorized access.
When every practice, vendor and healthcare community stakeholder makes a commitment to protecting data, information security, and privacy become a more realistic promise for America’s healthcare system. The future of healthcare will likely bring many more data breaches, but together we now have more we can do to protect patients.
¹HealthIT Dashboard. “Breaches of Unsecured Protected Health Information.” The Office of the National Coordinator for Health Information Technology. https://dashboard.healthit.gov/quickstats/pages/breaches-protected-health-information.php. Published: February 2016. Accessed: December 2016.