Wednesday, March 12, 2014
Employee data sharing practices put healthcare organizations at risk
From HIPAA compliance to protecting against identity theft, healthcare organizations have some of the most pressing data security needs.
Secure File Transfer
From HIPAA compliance to protecting against identity theft, healthcare organizations have some of the most pressing data security needs. Electronic health record (EHR) software offers medical facilities outstanding opportunities to collect, store and analyze medical information, ideally helping them to improve care and enhance their operations. This data can also be used to drive big data analytics, providing a bird's eye view of disease across demographics or regions and assisting them to identify more efficient and effective procedures.
However, this all comes with the need to keep data secure and protected. Clinicians often need to collaborate and share information about patients in order to make fast, informed decisions. HIPAA regulations and other security guidelines require that medical centers abide by the strongest secure file sharing protocols. Unfortunately, healthcare organizations are still struggling to make these goals a reality, experiencing many of the same challenges that companies face in other industries.
Employee behavior and data security
According to the 2013 HIMSS Security Survey, medical centers need to do more to advance their data security, especially with regard to threats from within the organization. Because patient health information is protected by federal law, healthcare facilities need to be especially careful to grant access to only the right people, even among their own staff. The report indicated that a "threat motivator" for workers was the desire to look up health information about friends, family and coworkers that they do not legally have the right to access.
In addition to the need to have more control over user access and audit logs, many healthcare organizations face the challenge of curbing risky behavior such as clinicians communicating patient information over non-approved means, like personal email or text messaging. Like corporations in the business world, medical centers have employees who depend on the ability to share documents and work together while solving problems. However, the need to keep data secure and private requires better secure file transfer solutions that offer clinicians convenient alternatives to their favorite shortcuts.
Lack of data security costs add up
A recent report by MeriTalk indicated that security breaches, data loss and unplanned outages cost U.S. hospitals over $1.6 billion every year in the Executives at the vast majority of health organizations say their system is unprepared for unexpected incidents, the report added.
"Healthcare organizations are making significant IT investments to transform IT structure and ensure that patient information is secure, protected and highly available. Trust has become a business priority," said Scott Filion, general manager of Global Healthcare at EMC Corporation.
As a recent example, Skagit County in Washington was recently fined $251,00 for violating HIPAA regulations because its website exposed protected health information and it didn't respond according to guidelines, Health Data Management reported.
The struggles faced by medical facilities as they embrace technological tools for managing medical care and storing increasingly large volumes of data for analytics apply across the board to many industries. Not all sectors have the same highly sensitive patient health information to protect according to regulatory compliance guidelines, but many corporations handle private identification and other sensitive data about their customers, employees and business partners.
With data breaches on the rise worldwide, it's imperative for organizations to have secure file transfer solutions to manage their information resources. The health industry epitomizes the need for a perfect balance between heightened data security and high-speed, immediate access to accurate, comprehensive information. When a patient's life is at risk, clinicians depend on the ability to see the most up-to-date vitals and test results, and they require tools to consult with colleagues.
Similarly, to prevent employees from resorting to practices that evade corporate security best practices, organizations need to offer convenient, user-friendly options for them to access and share the information they depend on.