Everyone leading healthcare organizations in the United States is aware that healthcare data is at risk for hacking attacks. Greater awareness and the institution of tighter healthcare security measures has not done much to discourage the efforts of criminals to gain access to private information. Security breaches in healthcare continue to be common headaches for organizations across the map. If anything, hacking techniques have become more sophisticated and complex as a result. Healthcare security needs to take note and respond.
We’ve spent a decade moving patient information to electronic medical records, so that providers at different organizations can easily connect. Some experts believe that “the next 10 years will be about ensuring the data that has been collected and stored in the cloud is being used in a secure and meaningful way” (Wilking, 2018). The upshot as even more sensitive data and information is stored digitally will be increased regulation and oversight to ensure that security and privacy is protected across healthcare.
Some of the ways stolen healthcare information can be used involve identity theft, insurance fraud, extortion, and even market fraud. One example is that public figures could be blackmailed about private life details. Another is where corporate leaders could have a healthcare condition that might affect company performance if a leadership succession plan isn’t already in place. Healthcare organizations are hiring more and more cybersecurity professionals to oversee their efforts, especially from industries like the military and financial services, where security has long been something to safeguard.
Data security is also connected to risk. When a privacy breach occurs, a healthcare organization has also violated HIPAA, which often requires a fine or settlement with the U.S. Government. Private lawsuits can also occur, as can Corporate Integrity Agreements (CIAs) involvement extensive training programs to prevent repeat violations.
Health IT Security just released the following five ways that healthcare organizations can safeguard protected health information (PHI) by instituting up-to-date cybersecurity measures. Specifically, the article recommends efforts to bring patient portal security up-to-date and keep networks safe from unauthorized access. Healthcare data security and preventing security breaches in healthcare has never been more important.
These healthcare data security measures include:
Protect the initial sign-up process to stop false enrollments into a patient portal. Patients should only need to enter a few pieces of information, just enough to confirm the user’s identity on the back end.
HIMSS Analytics has stated that 78% of providers had ransomware and malware attacks in 2017. If email is the likely route for deploying malware, conventional security measures must consistently evolve. Outdated anti-virus software can make organizations vulnerable to every new iteration of malware. Institute automatic opt-ins so updates are downloaded and installed as soon as they’re made available.
After a sign-up, use multifactor verification to ensure all future portal sessions are equally secure. Two-factor authentication adds additional protection on top of conventional login credentials. Require a password or PIN, plus something personal such as a cell phone number, fingerprint, iris scan, or more. For compromised devices or accounts, multi-factor authentication can ensure a network remains safe. Consumers are already used to these measures.
HIPAA requires providers to ensure you’re giving access to the right patient. Use measures that can help you confirm a person is who they say they are. Identity proofing questions can be triggered to provide an extra check, when something doesn’t seem right. Biometrics are beginning to supplement existing identity-proving solutions. Communicate the steps your organization is taking to secure patient information, so patients feel about your commitment to data security.
Interoperability ensures disparate systems can share medical histories and data in ways that support outcomes improvement across the continuum of care. Without it, we’ll still be forced to use email, with all its capacity for phishing attempts causing security breaches in healthcare and lapses in protection.
Davis, J., “Best Practice Cybersecurity Methods for Remote Care, Patient Portals, Health IT Security, March 20, 2020, Retrieved at https://healthitsecurity.com/news/best-practice-cybersecurity-methods-for-remote-care-patient-portals
Wilking, M., “5 Ways healthcare organizations can improve data security,” Becker’s Health IT, July 10, 2018, Retrieved at https://www.beckershospitalreview.com/healthcare-information-technology/5-ways-healthcare-organizations-can-improve-data-security.html.
HealthStream’s compliance training solutions help healthcare organizations across the care continuum comply with government regulations and accrediting body requirements while developing and engaging staff. In addition to providing essential tools and training to help you remain compliant, we help analyze your training data and provide insight into your training initiatives—enabling you to measure compliance progress, identify outstanding challenges, and determine where to make compliance program improvements. Our innovative educational content, data solutions, and tools are recognized throughout healthcare as the industry standard for comprehensive and engaging compliance training.
HealthStream’s learning management system and comprehensive suite of competency management tools empower your healthcare workforce to deliver the best patient care.View All Learning & Performance
When you enact HealthStream's quality compliance solutions, you can do so with the confidence your healthcare organization will meet all standards of care.View All Quality & Compliance
Fulfill compliance requirements with a variety of programs and courseware designed to address critical regulatory requirements as well as educate staff to recognize and mitigate risks.View All Products
HealthStream offers professional training and education on how to best optimize your reimbursement process within your healthcare organization.View All Reimbursement
Improve the preparedness of your staff, increase survival rates, and cut costs with the advanced resuscitation training services from HealthStream.View All Resuscitation
Expand the decision-making skills and effectiveness of your healthcare workforce with HealthStream's clinical development programs and services.View All Clinical Development
Delivers everything you need to request, gather, and validate information about a provider to create a single source of truth for downstream processes.View All Credentialing
Make sure your healthcare staff can schedule out appointments and work schedules with ease using HealthStream's line of software solutions.View All Scheduling & Capacity Management