A recent study by the Ponemon Institute revealed that 90% of health care organizations either exposed their patients’ data or had it stolen during 2012 and 2013. On today’s black market, medical records are far more attractive to criminals than credit card numbers. A credit card can be cancelled, but a Social Security number is much harder to replace. Beyond the obvious fraud opportunities, drug seekers can pose as patients to obtain prescriptions for personal use or resale, and identity thieves can fraudulently bill insurers for massive sums.
With all this on the line, it’s a no-brainer that keeping your patients’ data safe is key to ensuring their long-term satisfaction and the return of their business. However, for many hospitals, IT security just isn’t a priority. There isn’t time for it to be! This is why outsourcing claims and payment management through vendors like HCM can be such a benefit to an institution. There are also internal steps an organization can take to defend the charts of those in their care from hackers.
Separate Servers, Heightened Security
One elementary mistake many care providers make is keeping their patient information on the same servers they use to run the business. Once a hacker gets past the company’s first line of defense, there is no further hurdle between them and the most personal information of hundreds (or thousands) of individuals. Moving patient charts onto a dedicated, more tightly secured server introduces a second barrier that has to be crossed.
Encryption is Essential
Many companies both in and outside the health field only encrypt data while it is being transmitted, not while it sits in storage. In fact, this was part of the oversight that led to the massive Anthem data breach earlier this year. Encrypting data even while it is sitting unaccessed is essential: even with the most up-to-date perimeter security available, once that perimeter is breached, any unencrypted data is there for the taking.
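The following Go program is an added illustration of "encryption at rest" and is not code from the original post or from HCM. It seals a constructed sample patient chart with AES-256-GCM before it is written anywhere, shows that the stored bytes no longer contain the plaintext, and shows that a tampered or truncated stored record is rejected rather than silently decrypted. The key generation here is a stand-in: in a real deployment the data-encryption key would be held in a KMS or HSM, never stored beside the records it protects.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SampleChart is a constructed patient record, not data from any real system.
var SampleChart = []byte(`{"patient_id":"EXAMPLE-0001","dob":"1970-01-01","dx":"J45.909"}`)

// NewKey generates a 256-bit data-encryption key. Assumption for this
// example only: a production key would live in a KMS/HSM, not in memory
// next to the data it protects.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptRecord seals plaintext with AES-256-GCM. The returned blob is
// nonce || ciphertext || tag, which is what actually lands on disk.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// DecryptRecord reverses EncryptRecord and fails closed if the blob was
// truncated or modified, because GCM authenticates the ciphertext.
func DecryptRecord(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("stored record too short")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// LeaksPlaintext reports whether a stored blob still contains the record
// verbatim, i.e. whether "at rest" really means unencrypted.
func LeaksPlaintext(stored, plaintext []byte) bool {
	return bytes.Contains(stored, plaintext)
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	blob, err := EncryptRecord(key, SampleChart)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (%d bytes) leaks plaintext: %v\n", len(blob), LeaksPlaintext(blob, SampleChart))
	blob[len(blob)-1] ^= 0x01 // simulate a corrupted or tampered file on disk
	if _, err := DecryptRecord(key, blob); err != nil {
		fmt.Println("tampered record rejected:", err)
	}
}
```

The point of the `LeaksPlaintext` check is the one the paragraph makes: if a copy of the storage volume or database file can be read by someone who has breached the perimeter, the question is whether the bytes they get are usable. With the record sealed before it is written, they are not, and the key becomes the asset to protect.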
The biggest threat to any system’s internal security is the behavior of the people who use it. Train employees to recognize spam emails and encourage them to check with IT before clicking any link received from an external source. Software downloads and installations should only be permitted under an administrator account, not from everyday user logins. Passwords for systems that access patient information should never be shared, and you might consider changing them regularly.
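A shared password for a patient-records system usually shows up in the logs before anyone admits to it: one account appears on several workstations within minutes. The Go program below is an added example, not part of the original post or of any HCM product, of a simple detection rule over a constructed sample of login events. It flags any account seen on at least `minHosts` distinct workstations within a sliding time window; the log format, account names and workstation names are all invented for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
	"time"
)

// SampleAuthLog is a constructed sample of workstation login events, not
// real log data. Assumed format (hypothetical):
//   <RFC3339 time> login ok user=<account> host=<workstation>
const SampleAuthLog = `2015-03-02T08:01:12Z login ok user=nurse_station host=WS-104
2015-03-02T08:02:40Z login ok user=jdoe host=WS-201
2015-03-02T08:03:05Z login ok user=nurse_station host=WS-112
2015-03-02T08:04:59Z login ok user=nurse_station host=WS-130
2015-03-02T08:30:00Z login ok user=jdoe host=WS-201
2015-03-02T09:15:00Z login ok user=nurse_station host=WS-104
2015-03-02T11:00:00Z login ok user=nurse_station host=WS-118`

type loginEvent struct {
	at   time.Time
	user string
	host string
}

// parseAuthLog reads the sample format above and skips malformed lines
// instead of aborting, so one bad line cannot blind the detection.
func parseAuthLog(raw string) []loginEvent {
	var events []loginEvent
	sc := bufio.NewScanner(strings.NewReader(raw))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) != 5 || f[1] != "login" || f[2] != "ok" {
			continue
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		user := strings.TrimPrefix(f[3], "user=")
		host := strings.TrimPrefix(f[4], "host=")
		if user == f[3] || host == f[4] {
			continue // missing key= prefix
		}
		events = append(events, loginEvent{at: at, user: user, host: host})
	}
	return events
}

// SharedAccounts returns, sorted, the accounts that logged in from at least
// minHosts distinct workstations within any window of the given length.
// One person rarely walks between three machines in five minutes; a
// password on a sticky note does.
func SharedAccounts(raw string, window time.Duration, minHosts int) []string {
	byUser := map[string][]loginEvent{}
	for _, e := range parseAuthLog(raw) {
		byUser[e.user] = append(byUser[e.user], e)
	}
	var flagged []string
	for user, evs := range byUser {
		sort.Slice(evs, func(i, j int) bool { return evs[i].at.Before(evs[j].at) })
		for i := range evs {
			hosts := map[string]bool{}
			// Slide the window forward from each login and count distinct hosts.
			for j := i; j < len(evs) && evs[j].at.Sub(evs[i].at) <= window; j++ {
				hosts[evs[j].host] = true
			}
			if len(hosts) >= minHosts {
				flagged = append(flagged, user)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

func main() {
	for _, u := range SharedAccounts(SampleAuthLog, 10*time.Minute, 3) {
		fmt.Printf("possible shared credential: account %q seen on 3+ workstations within 10 minutes\n", u)
	}
}
```

On the sample data only `nurse_station` is flagged: it appears on three workstations within four minutes, while `jdoe` only ever logs in from one. The window and threshold are the knobs to tune against your own floor layout; a rule like this is a cheap way to find out whether the "do not share passwords" training actually took.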
Disaster Recovery and Portability
HIPAA rules recommend that covered entities (like hospitals and clinics) and their business associates prepare an effective and comprehensive disaster recovery plan to be implemented in situations ranging from natural disasters to sabotage. One effective tool in this plan could be external storage for critical files. This can double as a security measure, since the external drives can be subject to more stringent encryption, and because they are portable, someone could literally carry them out if an evacuation is necessary.
While no system will ever be impenetrable, these kinds of actions are becoming easier than ever in today’s high-tech world. Don’t get left behind—partner with agencies like HCM, who will back you up and work daily to ensure security and achieve satisfaction.