BusinesseHealthHospital AdministrationMedical RecordsPolicy & LawTechnology

How to Secure Data in Healthcare

Rick Delgado
Rick Delgado
6 Min Read
health data security issues

health data security issuesRecent headlines of data security breaches at large corporations and system bugs like Heartbleed and Shellshock have reminded us of the importance of proper network security.

health data security issuesRecent headlines of data security breaches at large corporations and system bugs like Heartbleed and Shellshock have reminded us of the importance of proper network security. When this responsibility isn’t taken seriously, not only does it result in stolen information, but damages to brand reputation and millions of lost dollars.

While we often equate these problems with banks, social media sites, or large retailers, we forget one of the most important, yet vulnerable, industries to these types of attacks – healthcare. It’s scary to think organizations responsible for our health haven’t properly prioritized protecting our information. In fact, healthcare spending on IT security is only about one-fifth of comparable industries, even as the healthcare industry turns more and more to online systems from ACLS recertification to sensitive patient records.

With changes in technology, digital filing is replacing the traditional paper filing systems. Often called the Electronic Health Record, EHR is a collection of patients’ health information. The idea is that patient records can be shared across different healthcare settings, and allow physicians access to medical history and other important information in order to provide better care. In 2005, the UK’s National Health Service began utilizing EHR systems and wanted to create a centralized database. While the plan was ultimately abandoned, the NHS continues to pursue digital solutions to sharing patient information. Ideally, EHR will lead to greater cost efficiency, care delivery and patient outcomes. However, the sharing of electronic information comes with greater threats and an increased need for strong IT security measures.

More Read

Hospital Ranking Disagreement Isn’t the Only Such Problem
Price Transparency in Medical Care
Your Study Path in Nursing: Hardships in Education and How to Overcome Them
Mette Dyhrberg talks about application of patient-generated data and self-tracking at Doctors 2.0 & You 2015 #doctors20
Tips for Small Businesses to Reduce Healthcare Costs

The problem is that breaches in network security don’t simply mean lost personal information. While having sensitive information in the wrong hands is scary, when it comes to healthcare, the consequences are much more severe. With so much medical equipment being controlled by computers, hackers could alter drug infusion pumps and administer lethal doses, or control defibrillators to deliver random shocks (or none at all). Even simpler, medical records could be altered, leading doctors to prescribe the wrong medicines or unable to access important information during life-threatening situations.

Ultimately, the responsibility of maintaining network security falls on the CEO. It’s his or her job to protect important assets, and patient information is just as important as physical assets. Because of the financial pressures CEOs face, proper measures are often sacrificed for cost saving features, which is a dangerous game to play in this industry.

In order for things to change, healthcare organizations need to switch their IT security strategies from reactive to preemptive. Examples are all too plentiful of how ineffective (and costly) it is to handle a crisis without any preparation. CEOs need to take the lead and implement network security into their overall strategy. It should be the topic of C-suite meetings, board meetings, and should be constantly reviewed and tested.

Part of the strategy should also include investing in a Chief Information Security Officer. IT departments are often spread so thin, having someone devoted to maintaining network security is too often overlooked. In addition, invest in hiring IT experts. Because of their high demand, healthcare organizations are often left without the experts and having to hire junior IT security staff in their place. With the complexity of threats and sensitivity of patient information, don’t settle for minimum qualifications.

One of the major contributing factors to breaches in personal health information is portable computing devices. So many organizations these days have adopted Bring Your Own Device policies. While there are many advantages to allowing employees to use devices they are familiar with, employees use these devices in so many different capacities, the risk for breaches is greatly heightened. Employees should be properly trained on how to protect patient information.  

Finally, it would be wise to invest in a professional IT security assessment company. If you choose to do so, find a company with healthcare experience, and who is familiar with the issues facing the industry. So many IT security assessments are ineffective because the organization or the actual person doing the assessment is inexperienced. Be aware of who you’re working with, and put in the time to do a little research and find the right company.

health data security / shutterstock

TAGGED:
Share This Article

Stay Connected

Latest News

intimacy
How to Keep Intimacy Comfortable as You Age
Relationship and Lifestyle Senior Care
engineer fitting prosthetic arm
How Social Security Disability Shapes Access to Care and Everyday Health
Health care
a woman explaining the document
How a DUI Lawyer Can Help When Your Future Health Feels Uncertain
Public Health
physiotherapist at work
How One Fall Can Lead to a Long Road of Medical Complications
Health care

You Might also Like