Safety is a prime concern in any walk of life, and the reassurance of safety is what provides the confidence to act. In a business scenario, business data is a very important commodity that is indispensable for strategic decision making and day-to-day functioning of the organization. It naturally follows that this data must be protected in the best manner possible, necessitating extra caution when using data entry services and other business solutions. Unfortunately, the number of data breaches is on the increase. In the U.S., the number increased 29% in the first half of 2017, reaching a record high of 791. This is according to a new report by the ITRC (Identity Theft Resource Center) and CyberScout, the data risk management company.
The healthcare industry has been slow to address the dangers of hacking, and breaches are increasing drastically. For instance, in September 2016 the IT system of a local hospital (Tulsa, Oklahoma-based Saint Francis Health System) was hacked, and the hackers threatened to publish patient data on the Internet. Data breaches in healthcare include cases wherein hackers steal protected health information to commit medical identity theft, as well as instances such as an employee viewing patient records without authorization. When data is compromised, it can prove very costly for providers and attract heavy HIPAA fines and other compliance costs, apart from damaged reputation and loss of patient trust.
Medical data includes all important information such as social security numbers, dates of birth, contact information, driver’s license number, test results, diagnosis and so on. Mixing identities by selling personal information or falsely obtaining healthcare could lead to dangerously muddled patient records. Hackers also threaten to dump all the patient data online unless the organization pays a ransom.
Often healthcare organizations are late to detect problems, and half of US consumers who have experienced a breach discovered it themselves through an error on their credit card statement or benefit explanation. According to a research study by Accenture, 26% of U.S. consumers have experienced a healthcare data breach and 50% of them became victims of medical identity theft. The average out-of-pocket cost for victims of medical identity theft is estimated at $2500 per incident. The affected patients either changed their healthcare providers or insurance plans, or sought legal counsel. Data breaches most frequently occurred in hospitals, urgent care clinics, pharmacies, physicians’ offices and health insurers.
Healthcare organizations must be proactive about protecting sensitive patient, financial and other data. This requires a combination of smart use of technology, physical security for buildings, and employee education.
Security professionals who are aware of potential opportunities for healthcare information breaches can help hospital systems and the industry overall to strengthen their defenses and help ensure that consumer data is safe. What are the steps they can take in this direction?
- Persuade patients to monitor their medical records and read all statements therein. Inaccuracies are a sign that their data might have been mixed up with another person’s. Patients should get a summary from their providers at least once a year.
- Request patients to check their credit report: Any discrepancies in credit reports could mean that the consumer’s medical data has been compromised.
- Advise patients against sharing too much of their personal information. Patients should understand that healthcare providers need only minimum personal information and they would not ask for details such as social security numbers.
- Ask patients to inform authorities immediately if they suspect any foul play: If patients find any unusual activities, then they should feel free to inform the provider or insurer about it. Patients should be given user-friendly channels via which they can do this.
A secure system of keeping data can minimize the rate of data breaches and healthcare industries should utilize advanced technology to protect patient data.
- Encrypted enterprise platforms that provide 256-bit AES encryption to ensure safe exchange of data comprise one of the most advanced technologies. These platforms can also reveal any existing network threats.
- Backing up patient records with the help of a data entry company will make the organization less vulnerable to ransom demands.
- Another safety measure is biometric authentication. Access to labs and records can be controlled with the help of software that can identify physical features of an individual such as retinal patterns of the eye, voice, and fingerprints.
Apart from advanced technology, healthcare entities should have a clear and effective action plan for all their staff in case a data breach attempt occurs. Regular risk assessment and notifications regarding any data exchange outside the network should be part of that plan. The plan created should be put to the test regularly to eliminate any identified vulnerabilities. Advanced technology, proactive measures and proper employee training can work together to mitigate data breaches and consequent compliance issues.