Addressing Data Security Issues in Healthcare In business organizations, data security issues are bad news. While affecting the reputation and financial stability of the organization, data breach undermines consumer confidence. In healthcare, the risk is limited not just to the concerned hospital, business associate or provider, but affects the entire medical industry. Breaches involving the personal information of patients are one of the major risks that healthcare providers face today.
Electronic Health Records and Breach of Protected Health Information (PHI) The number of hospitals that have implemented Electronic Health Record (EHR) systems has increased rapidly over the last few years. Though the system improves efficiency, care delivery, and patient outcomes, it can be meaningful only if there are proper mechanisms to ensure information security. According to a Redspin Breach Report published in February 2014, the PHI of over 7 million patients was compromised in 99 large breaches in 2013, as reported to the Department of Health and Human Services’ Office of Civil Rights. The number of data breaches rose by as much as 137 percent in 2012-2013.
Source: Redspin Annual Data Breach Report 2013
Healthcare Data Breaches that Made Headlines According to a CTV Calgary report published on October 7, 2014, the personal health information of 247 patients at Alberta Children's Hospital was accessed by an unauthorized person – a former employee of the hospital. An audit showed that the breach extended over a 14-month period. Data that may have been compromised includes patient history, contact information, date of birth, names of relatives, and emergency contact information. In August, Chinese hackers stole 4.5 million medical records of Community Health Systems patients including their Social Security numbers, putting their identities at risk. NRAD Medical Associates made news in July when it was reported that the personal information of almost 97,000 patients in Long Island, NY were stolen from this practice. Based in New York, NRAD is one of the area's largest radiology groups with 18 locations and thousands of patients. According to the report, one of its employee radiologists accessed and acquired data relating to patient names, addresses, social security numbers, diagnosis codes, and insurance information. Consumers should be aware of the signs of a medical identity theft:
Obtaining a bill for medical services from a doctor or hospital that the patient has never used Receiving bills in other people’s names Getting collection calls for payments on medical accounts of other people Obtaining a change of address notification from the insurance provider Denial of medical insurance Receiving notification from a hospital or doctor that your private medical information was compromised
Measures to Minimize Risk of PHI Security Issues Healthcare organizations are prone to PHI security issues and given the dynamic nature of technology, these are hard to avoid. However, industry experts say they can be minimized by measures such as implementing periodic HIPAA risk analysis, assessing new vulnerabilities that may have arisen, encryption of data on all portable devices, and security awareness training for employees. Finally, healthcare providers need to ensure that their outsourcing vendor for data entry, document scanning or medical billing and coding handles PHI effectively.
Contact Managed Outsource Solutions 8596 E. 101st Street, Suite H Tulsa, OK 74133 Main: (800) 670 2809 Fax: (877) 835-5442 E-mail: info@managedoutsource.com