Monday, March 11, 2013
Best practices, technology necessary for healthcare data security
At times, it seems like data breaches in the healthcare industry are an epidemic. In the past year, dozens of healthcare providers and related organizations have gained unfortunate experience in this area. Governmental bodies, large hospital groups and small private practices have all seen their patients and personnel's sensitive financial and medical information exposed. This puts the affected individuals at risk of identity theft and fraud, and raises the possibility of legal action, including regulatory fines and civil lawsuits.
Considering these consequences, healthcare providers undoubtedly have significant incentive to achieve effective data security. Yet doing so is easier said than done.
Addressing this issue, several industry experts recently asserted that protecting patient data requires a commitment to both best practices and technology, such as secure file sharing solutions.
A growing problem
Writing for the New England Journal of Medicine, the three authors, all of whom are officials from the U.S. Department of Health & Human Services (HHS) Office of Inspector General, argued that providers must be proactive when it comes to protecting the data in their possession.
Unfortunately, many hospitals have not fully modernized their data protection strategies for the era of digital data, the report suggested.
"Traditionally, hospitals posted notices in elevators and cafeterias warning staff members not to discuss patients in public areas," the authors noted. "The risk of electronic eavesdropping further complicates health care providers' responsibility to protect patient privacy."
The rise of digital in the healthcare industry means that a data breach can much more easily arise due to insufficient precautions, not just risky behavior, on the part of the provider. The report noted that government auditors have been able to obtain patient information simply by sitting in hospital parking lots and accessing unsecured wireless networks.
The frequency of these data breaches appears to be growing. The authors pointed out that the Office for Civil Rights has received more than 77,000 recent complaints concerning healthcare data breaches, leading to more than 18,000 corrective actions.
A multifaceted approach
The report authors advocated a number of strategies for limiting the risk of data breaches for healthcare providers. One critical component of any approach, they asserted, is the implementation of effective technological solutions, such as up-to-date security software and encryption programs.
Additionally, the authors argued that hospitals and other care providers must ensure that employees follow best practices. For example, the report recommended that hospitals "disable and do not install or use file-sharing applications" to ensure security.
This is sound advice, when it comes to free, low-grade file-sharing applications, such as Dropbox and Gmail. However, hospitals will still inevitably need to distribute data electronically. The answer to this conundrum is to pursue high-end, robust secure file transfer software solutions. Dedicated programs featuring advanced features can ensure the integrity and security of all data sent to and by healthcare personnel, greatly reducing the risk of data breaches.