Let’s take a look at Healthcare IT Security and HIPAA. To date there have been over 30 million patient records breached, and this number has been increasing rapidly every year since the creation of the Meaningful Use Incentives. These incentives mandated a nationwide program of Electronic Health Records (EHR) systems. EHR system implementations have been on the rise due to government incentives and enforcement.
In the past, IT spending in healthcare has not been aligned with achieving objectives because of the rising demands for overall transformation of the healthcare industry and the competitive pressures on healthcare providers and organizations. The healthcare industry urgently needs the improvements new IT and Data Privacy solutions can enable.
This graph shows a comparison of the complaints that the U.S. Office for Civil Rights has investigated and resolved by calendar year. The first bar in each group of three per year represents the complaints closed in which there was no violation, the second those in which there was corrective action, and the third the total closures.
In a 2014 Cost of Data Breach Study by Ponemon, it was reported that the cost per breached patient record is $359. Some of these data breaches result in million-dollar settlements, as seen in the news with one of the largest breaches of ePHI data for 2014. See "Data breach results in $4.8 million HIPAA settlement."
How to protect patient information
Over 30% of data breaches happen due to inappropriate access to patient information. Inappropriate access includes your employees or partners snooping on, modifying, stealing or deleting the data. Some simple ways to detect and prevent this from happening are as follows:
- Turn on system access auditing and review the logs. If you don't look at them, you have no idea what is going on with the EHR system.
- Employee education regarding auditing. If you tell your employees you are reviewing this, you may deter any improper access of patient records.
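
One way to make the log review described above routine, shown as an added example that is not from the original article or from any EHR product. The log format, user names, and care-team assignment table are constructed assumptions; a real EHR exports its own audit schema.

```python
import csv
import io
from collections import defaultdict

# Constructed sample audit log (timestamp, user, action, patient_id); not real data.
SAMPLE_LOG = """\
2014-06-02T09:14:00,nurse_a,VIEW,P100
2014-06-02T09:20:00,nurse_a,MODIFY,P100
2014-06-02T10:02:00,clerk_b,VIEW,P200
2014-06-02T10:03:00,clerk_b,VIEW,P201
2014-06-02T10:04:00,clerk_b,VIEW,P202
2014-06-02T10:05:00,clerk_b,EXPORT,P202
2014-06-02T23:41:00,nurse_a,VIEW,P300
2014-06-02T23:45:00,dba_c,DELETE,P100
"""

# Hypothetical care-team assignments: which patients each user is expected to touch.
ASSIGNED = {"nurse_a": {"P100"}, "clerk_b": {"P200", "P201", "P202"}, "dba_c": set()}

SENSITIVE_ACTIONS = {"MODIFY", "DELETE", "EXPORT"}


def review_audit_log(log_text, assigned, max_patients=2):
    """Return a sorted list of (user, reason, detail) findings for human review."""
    findings = set()
    patients_seen = defaultdict(set)
    for ts, user, action, patient in csv.reader(io.StringIO(log_text)):
        patients_seen[user].add(patient)
        outside = patient not in assigned.get(user, set())
        if outside:
            # Access to a record the user has no assigned reason to open (snooping).
            findings.add((user, "unassigned-patient", f"{action} {patient} at {ts}"))
        if action in SENSITIVE_ACTIONS and (outside or action == "EXPORT"):
            # Changes or deletions outside assignment, and every export of record data.
            findings.add((user, "sensitive-action", f"{action} {patient} at {ts}"))
    for user, patients in patients_seen.items():
        if len(patients) > max_patients:
            findings.add((user, "high-volume", f"{len(patients)} distinct patients"))
    return sorted(findings)


if __name__ == "__main__":
    for user, reason, detail in review_audit_log(SAMPLE_LOG, ASSIGNED):
        print(f"{user:8} {reason:20} {detail}")
```

The findings are leads for a privacy officer to follow up, not proof of a violation; the `max_patients` threshold needs tuning per role.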
We have utilized Data Compliance and Audit Systems for many clients, which have been put in place to detect, record, and remediate unauthorized access or changes to sensitive data, including those by privileged users. For many healthcare providers, IBM’s InfoSphere Guardium has reduced compliance costs by providing a simple means of automating and centralizing compliance controls, even in geographically dispersed multi-IT environments.
Another 10% of patient data breaches are lost tape or hard drive backups. The other breaches are from improper use of email for ePHI data and from hackers.
Information security must play a central role in this transformation, both in terms of ensuring patient trust through proper use of their data and protecting the business from threats ranging from cyber crime to brand damage associated with data breaches. Now Healthcare Professionals – the ball is in your court: you must take charge and create the IT and Data Privacy that will make you HIPAA/HITECH Compliant.
For more information, feel free to reach out to us on HIPAA Risk Assessment, Healthcare IT Policies and Procedures, or tools for Data Privacy or Compliance web tools at [email protected]