By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
    Health
    Healthcare organizations are operating on slimmer profit margins than ever. One report in August showed that they are even lower than the beginning of the…
    Show More
    Top News
    improving patient experience
    6 Ways to Improve Patient Satisfaction Within Hospitals
    December 1, 2021
    degree for healthcare job
    What Are The Health Benefits Of Having A Degree?
    March 9, 2022
    custom software development is changing healthcare
    Digital Customer Journey Mapping and its Importance for Healthcare
    July 21, 2022
    Latest News
    Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
    May 16, 2025
    Learn how to Renew your Medical Card in West Virginia
    May 16, 2025
    Choosing the Right Supplement Manufacturer for Your Brand
    May 1, 2025
    Engineering Temporary Hospitals for Extreme Weather
    April 24, 2025
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
    Policy and Law
    Get the latest updates about Insurance policies and Laws in the Healthcare industry for different geographical locations.
    Show More
    Top News
    Can Thinking Younger Make You Live Longer?
    April 20, 2011
    Image
    Obesity’s Outlook Unchanged
    June 13, 2011
    When It’s An Emergency Elderly Not Treated As Well in Hospitals
    July 16, 2011
    Latest News
    Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
    May 18, 2025
    The Critical Role of Healthcare in Personal Injury Recovery: A Comprehensive Guide for Victims
    May 14, 2025
    The Backbone of Successful Trials: Clinical Data Management
    April 28, 2025
    Advancing Your Healthcare Career through Education and Specialization
    April 16, 2025
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: The Iceberg Waiting for Your Health Care Data
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > eHealth > Medical Records > The Iceberg Waiting for Your Health Care Data
eHealthMedical Records

The Iceberg Waiting for Your Health Care Data

David Harlow
Last updated: May 1, 2014 8:00 am
David Harlow
Share
6 Min Read
SHARE

Iceberg_ccThe Heartbleed web security exploit was first publicized several weeks ago.

Iceberg_ccThe Heartbleed web security exploit was first publicized several weeks ago. In the time since then, numerous web-based services have let their users know (some more clearly than others) whether and how their data security was compromised by this OpenSSL flaw that has been open for about two years. This is one flaw, one exploit, but on a scale of 1 to 10, it has registered as an 11 on our collective consciousness. Fred Trotter notes in the MIT Technology Review that other similarly worrisome exploits do not get our attention in the same way, and that more health data leaks are likely in our future. He also cites others’ observations that many health IT vendors are not currently equipped to respond effectively to such exploits in a timely manner.

Everyone loves to hate HIPAA (including those who can’t spell it correctly). The core of the privacy and security protections in HIPAA (including the HITECH Act updates) is directed at improving the baseline of patient control (over who has the right to see which pieces of personal health information) so that we can all have greater confidence in EHR systems and related electronic systems handling our health care data. Rather than continuing to heap abuse on HIPAA, I think that critics should turn to addressing the underlying problems of our worldwide cloud infrastructure that, for all the benefits it enables, has its warts. Financial and health care data are regularly stolen on line, and health care records fetch a premium on the black market thanks to the richness of their data. The FBI shares Fred’s perspective regarding the likelihood of additional exploits targeting the health care sector (particularly given the January 1, 2015 target date for Meaningful Use compliance), so this is not the last we’ll be hearing about large-scale security exploits.

The deadline to transition to EHR is January 2015, which will create an influx of new EHR coupled with more medical devices being connected to the Internet, generating a rich new environment for cyber criminals to exploit. According to open source reporting from SANS, Ponemon, and EMC²/RSA, the health care industry is not technically prepared to combat against cyber criminals’ basic cyber intrusion tactics, techniques and procedures (TTPs), much less against more advanced persistent threats (APTs). The health care industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely.

FBI Cyber Division Private Industry Notification 140408-009. (Updated later; update not available.)

More Read

Quality Assurance: Strengthening Healthcare Technology
4 Tips for Using HealthCare Social Media to Attract New Patients
Healthcare Blockchain Technology: The Good, Bad, And Terrible
Can Innovative Software Reduce Hospital Admissions?
Healthcare IT VC Funding Almost Doubled in 2013

So what is to be done?

First, come to terms with the fact that privacy and security are not absolutes. The sooner you do, the happier you’ll be. As a family member of mine used to say, “It is what it is.”

Second, keep an eye on The Wall of Shame starting in early June. Health care data breaches experienced by covered entities under HIPAA involving 500 or more individuals must be reported to OCR within 60 days of discovery, and are posted there. (Breaches including fewer than 500 individuals are to be reported within 60 days of year-end.) So far, the only Heartbleed breaches we’ve heard about involve Canadian social security numbers and a newspaper. Information about breaches tied to Heartbleed may turn out to paint an interesting picture of health IT vendors serving covered entities. (I don’t think that the fact that the Heartbleed exploit was available for two years is, in and of itself, a breach worthy of notification. If it were, OCR could be deluged with breach notifications.)

Third, don’t just give up. Do your part to ensure that health data are kept as private and secure as possible. Policies and procedures should be in place — and should be followed (yeah, that) — to minimize the likelihood of a damaging breach, and the effect of a breach when it occurs. Take warnings to heart, and act on them in a timely fashion.

In the face of all these questions about inappropriate access to information in health records, concerns about the accuracy of data input into EHRs was recently identified as the leading concern consumers have about EHRs. So there are concerns about data coming into the system as well as concerns about data coming out of the system.

The industry has a lot of work to do to assure stakeholders that data privacy and security, as well as data integrity, are well in hand.

What are you going to do?

TAGGED:data securityEHRHealth DataHIPAApatient data
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

Clinical Expertise
Building Smarter Care Teams: Aligning Roles, Structure, and Clinical Expertise
Health care
May 18, 2025
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Grounded Healing: A Natural Ally for Sustainable Healthcare Systems
Health
May 15, 2025
Learn how to Renew your Medical Card in West Virginia
Learn how to Renew your Medical Card in West Virginia
Health
May 15, 2025
Dr. Klaus Rentrop Shares Acute Myocardial Infarction heart treatment
Dr. Klaus Rentrop Shares Acute Myocardial Infarction
Cardiology
May 13, 2025

You Might also Like

Fly First Class and Pay Economy for HIPAA Compliance

September 5, 2012

How to Get a Job in HealthCare IT: Video

June 17, 2012

Chat 126: Can Social Media Be Used to Influence Healthy Behaviours and Track Diseases?

May 7, 2013
Healthcare IT Risk Questions
BusinesseHealthHospital AdministrationMedical RecordsTechnology

5 Healthcare IT Risks in 2014

May 6, 2014
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?