Keeping Patient Data Secure in a Digital World

Americans have been “vulnerable” to the misuse of their own personal records since the birth of our nation. With the advent of computers and data storage via digital media (e.g., floppies, hard drives, cloud drives, etc.), data security has become more and more difficult to maintain because there is a limited ability to place any “lock” on personal information. This demand for increased data security has now bled into the healthcare industry.

The reported number of medical practices that have been hacked has risen over the past decade. Congress initiated efforts at more comprehensive security when it passed the Health Insurance Portability and Accountability Act (aka “HIPAA”) in 1996 with the purpose of bringing some safety to digital records. Even with legislations in place, however, it is up to the individual doctors and private practice owners to ensure their patients’ confidential information remains secure.

Safety of Medical Data

Healthcare providers must store health records digitally, maintain security, and control access to that information (i.e., assure privacy). HIPAA gives consumers access to their medical records, but limits who else may have access. This is extremely significant since social security numbers, credit card information, bank card payment routing, as well as patient records and related history data may reside in those medical records. A consumer may release medical record information to family and related care-givers, but healthcare providers are legally bound to protect consumer privacy from others, including third-party payers. Unfortunately, malware on our personal devices may compromise that access.

Protecting Patient Confidential Information

Patients have a number of vehicles for protection from identity theft and privacy of their personal data. Healthcare providers also have several things that they may do to secure patient records, e.g., keep software updated to current standards (meet current “Electronic Data Interchange” standards); utilize encrypted web access with the current standard (currently “https”); control access to all storage apparatus (including who may operate keyboards to access data or websites by continually altering passwords for those users); utilize security measures to identify and limit access to malware; etc. Such organizations as Electronic Frontier Foundation, Fight for the Future, Google, Mozilla, etc. make software available to enhance privacy for individuals and businesses.

An Evolving Problem Beyond HIPAA Data

The data security threat continues to morph. No longer is the focus on home computers. The hacker emphasis now appears to be on companies’ data storage libraries stored in the cloud. We have become a society of myriads and myriads of i-phones, tablets, i-watches, and minicomputers capable of accessing information immediately on a highly mobile basis. “Innocent” websites entice users into a labyrinth of “buttons,” “taskbars,” “games,” etc.

What appears innocent may be a vehicle for planting code within the gadget’s operating system that enables the hacker to gain access to account numbers, passwords, data libraries, businesses, etc. residing on the electronic device. It then becomes easy for the hacker to use this information to access accounts and place similar sleeper programs on a corporate entity’s storage system. Aetna in the healthcare universe and Target in the retail marketplace are examples of the result, major compromises of client data.

Avoiding Potential Cybersecurity Threats

There is a time to seek professional security help. Industry specialist and chief technology officer Hugh Thompson notes, according to Blue Coat, that even “as we sleep, exercise, work and shop with our mobile devices, cyber criminals are waiting to take advantage of the data these devices collect, as evidenced by the types of malware and attacks we’re seeing. … The implications of this nefarious activity certainly carry over to corporate IT as organizations rapidly adopt cloud-based, mobile versions of enterprise applications, opening up another avenue for attackers.”