protecting patient data in healthcare

How Doctors Can Transmit Patient Data Securely

protecting patient data in healthcare

Doctors must take precautions when sharing patient data. Learn more about how doctors should protect your PHI in this guest post from Heather Lomax. (Photo courtesy of MaxPixel)

The following guest post on protecting patient data was submitted by Heather Lomax.

Communication efforts in the last few years have greatly advanced between doctor and patient. Instead of having patients drive out for a visit or make drawn-out phone calls every time something needs to be discussed, some doctors’ offices have started to use online portals and email correspondence with patients. These options are extremely efficient, but they also place patients at a higher risk of medical identity theft. Therefore, special measurements need to be taken in safely transmitting patient data.

PHI Data and Email Encryption

First and foremost, patients need to make sure their devices are encrypted when they access medical data. Not operating on such a system places data at risk for theft with ease. Therefore, portals offering medical data need to be encrypted as well. Patients should be made aware that if their computers at home are not secure, then they place their data at risk there as well. Sending patients emails also requires another degree of encryption.

Different Types of Email

Several types of emails exist when it comes to safely transmitting data information with patients. For web-based email applications, doctors’ offices and patients alike need to use accounts with HTTPS encryption. This method is the only means by which web-based email is secure. The email is sent to a patient should also be encrypted using either PGP encryption methods or Symantec Digital IDs. In both of these aspects, each email comes with its encryption.

Use Cloud Services for Fax and Email

HIPAA regulations make specific claims about how data should be transmitted between office and patient. One of the methods to use for this communication relies on cloud services for both faxes and emails. These cloud services have their own firewalls and encryption procedures, and they make certain that data only goes to a specific location. More often than not, a specific receiver has to acknowledge that they accept a fax. A VPN access code can be used for this process.

Biometric Identification

As passwords become obsolete and even unsafe for healthcare data security, biometric identification is steadily rising in practice when it comes to accessing sensitive information. With passwords comes the potential of breaches in security, even with the most carefully crafted codes. However, with the use of fingerprint analysis, retina scans, and facial recognition software, it’s nearly impossible for identity fraud to take place since these characteristics cannot simply be imitated. And not only does it reduce the risk of billing fraud – it also prevents deadly medication errors, improves response rates to medical emergencies, and expedites health information exchange services (which will be discussed in the next section).

Use Three Different Forms of Health Info Exchange

When in doubt, doctors’ offices should use three, distinct methods of Health Information Exchange (HIE) with patients and other medical offices. The first type is directed change, where data can be sent and received securely through an electronic medium between providers and coordinated support care. The second option is a query-based exchange, which offers providers the opportunity to find and request information from patients and other providers when unplanned care takes place. Finally, doctors’ offices can use consumer mediated exchanges, a method which allows patients to have control over data and how it is used among different providers.

Conclusion

A great deal of options is available when it comes to transmitting electronic patient data. Rather than rely on flimsy means of protection, alternative options with tighter security like encrypted care, biometric identification, and HIE paths should be implemented instead. If your practice or hospital can introduce even one of these methods as part of their data transfer strategies, you’ll notice a great improvement in workplace efficiency as well as security for your patients.

Author bio:

Heather Lomax is a contributing writer and media relations specialist for Blaze Systems. She writes articles for a variety of medtech blogs, discussing solutions for optimizing healthcare data protection and clinical technology.

medical record safety

Peace of Mind: A Short Guide To Who Handles Your Private Medical Information

protecting protected health medical information in healthcare

Many patients are unaware of how many people have access to their sensitive medical information.

The following guest post on who handles Protected Health Information (PHI) was submitted by Brooke Chaplan.

From basic information such as your height and weight to the types of medications you are taking, your health history, diagnoses, billing information and more, your healthcare providers have access to an incredible amount of very personal information about you and others in your family. This is information that you do not want to fall into the wrong hands. This begs the question of who actually has access to all of the information in your medical file.

Well-Trained and Screened Candidates

In most healthcare offices, hospitals and other settings, the administrative or medical team that has access to your records is usually well-trained and thoroughly screened. These individuals typically must pass a thorough background check before being permitted to work in the office, and the office often has safeguards and high-tech protocols to prevent employees from mishandling or abusing the information that they gain access to. Some of the professionals with the most access are healthcare administrators that hold a degree in their field.

Your Health Insurance Company

If you are one of the many millions of Americans who have access to health insurance, your health insurance company may keep track of your medications, treatments, diagnoses and more. Health insurance professionals are often required to uphold strict standards of confidentiality in the same way your healthcare providers are. In addition, as is the case with hospitals and medical offices, health insurance companies usually go to great lengths to prevent employees from misusing or abusing the data that they come across over the course of their regular work day.

Potential Hackers

In 2015, as many as a third of all Americans were impacted by a security breach that involved their healthcare data or records. Information such as their address and Social Security information may have been passed on to hackers. Some hackers sell the data they obtain through their attacks, and others use it personally with malicious intent. For example, with your name, address, Social Security number and birth date, they can commit identity theft. Many medical offices and hospitals are aware of this and other potential risks to their patients, and they regularly take steps to continuously update and improve technology in an effort to reduce this risk for their patients.

Your private data should remain private at all times, but the unfortunate reality is that the system in place in the healthcare industry right now is not perfect. Patients should make inquiries to their healthcare providers to learn more about the steps a particular office or hospital is taking to keep their data from falling into the wrong hands.

Author bio:

Brooke Chaplan is a freelance writer and blogger. She lives and works out of her home in Los Lunas, New Mexico. She loves the outdoors and spends most her time hiking, biking, and gardening. For more information contact Brooke via Twitter @BrookeChaplan.

 

5 Reasons Why Health Care Needs Better Cybersecurity

5 Reasons Why Health Care Needs Better Cybersecurity

healthcare cybersecurity to improve patient safety

The rapid digitization of healthcare has pushed many providers to improve cybersecurity. (Photo courtesy of Shutterstock).

The following is a guest post submitted to RightPatient on improving cybersecurity in healthcare.

When healthcare first started to go digital, the problems were largely related to mechanical reliability. Computers weren’t so reliable, and there was no internet to really bring them together. Keeping hard backups was really the biggest concern.

Yet that’s changed considerably in the past decade. Nearly all healthcare providers store at least some of their records online. As a result, there are fewer opportunities to completely lose a patient’s records and collusion among practitioners is becoming considerably easier. Conversely, the chance of having records stolen is dramatically increased.

According to the US Department of Health and Human Services, there were over 300 data breaches in 2016 (with over 500 victims), and that’s just in the United States. The question so many are asking is why.

As it turns out, there are many reasons.

Healthcare is Going Paperless

Both for space and for purposes of preservation, healthcare practitioners are doing what they can to cut down on the rooms filled to the brim with patient files. Instead, that information is stored on servers, both onsite and offsite. There’s less room for losing physical files, patient information can be located and sent faster, and providers can more easily see a complete history.

This centralization is certain to improve patient outcomes but it comes with the risk of creating major “honey pots” for hackers and thieves. Rather than stealing file folders, these cybercriminals only need to breach a single database to acquire hundreds, if not thousands of patient records.

The only recourse is to improve cybersecurity measures to help reduce or avoid breaches entirely. Otherwise, patients (and we’re all patients, including providers) face the risk of identity theft or worse.

Fraudulent care is a major problem because per the law, all treatment must be recorded. Care rendered to the wrong person can prove very difficult to remove from records, which could prove problematic or even dangerous for the victim, although the FDA contends that thus far no one has been injured or died as a result of data breaches.

It’s the Law

5 Reasons Why Health Care Needs Better Cybersecurity

(Photo courtesy of Shutterstock)

Not everyone realizes that maintaining cybersecurity that meets current procedural standards is actually the law. HIPAA compliance doesn’t just extend to patient confidentiality in person, but also applies to information stored digitally.

Those in practice that do get hacked face stiff legal penalties, particularly if they are shown to be taking inadequate care in preserving their patient records safely. Although state requirements vary, there are a few basic requirements both for minimizing liability and for complying with the law:

• At least two hard copies of records need to be maintained, one of which is stored offline
• Digital records must have copies stored online
• Health care providers must perform risk assessments and provide security measures that are adequate* to minimize risks to patient information and privacy

*Note that what constitutes “adequate” seems to vary and the requirement is generally vague at best.

Breaches are Increasingly Common

Earlier we discussed that 2016 was a year that featured over 300 major cybersecurity breaches in the healthcare industry. What’s important about that value is that it represents an over 20 percent increase in the number of hacks as compared to the year before, which numbered in the mid-200s.

Far from becoming less frequent and more controlled, data theft is actually on the rise. And the cost of theft isn’t getting any cheaper either. Research done by the Ponemon Institute continues to show yearly increases in costs to providers as a result of cybersecurity woes.

At present, there doesn’t seem to be any indication that the number of breaches or the cost per incident is likely to decrease through 2017 or beyond.

Most predict a continued increase in cost.

Private Practices Are Favorite Targets

The victims of data theft aren’t just major hospitals or data centers. In fact, private practices face just as many, if not more risks than do large institutions. Small practices tend to have a considerably lower budget for cybersecurity and thus are actually more vulnerable because it’s just that much easier for hackers to force their way in.

Government entities have been concerned for years that the problem isn’t limited just to large institutions. In 2012, the FBI director actually stated that “only two types of companies” exist: “those that have been hacked and those that will be.

Private practitioners and their patients would be wise to heed this warning and take steps to minimize the inevitable fallout that comes with data theft. Not taking the risk seriously could prove devastating particularly for offices with just a single doctor on staff.

BYOD Also Means BYOP

One last addition both to healthcare and standard businesses that presents a major risk to patient records is the so-called “Bring Your Own Device” (BYOD for short) policy. This procedure has grown in popularity because many employees own devices that are far more capable than those being provided by offices.

But BYOD can quickly become a BYOP (bring your own problems) policy if not handled appropriately. Employees rarely maintain security on their personal devices in a way that sufficiently protects the businesses they work with.

Employers would be wise to implement security requirements for their workers in the form of locked devices and security software. That means both anti-malware apps—for preventing infected software from being installed—and internet security apps, with Virtual Private Networks (VPNs) increasingly the most important due to the amount of hacks that involve direct invasion of unsafe connections.

Solving the Problems

Putting a stop to security breaches isn’t likely something that will happen overnight. But it is something we should all be cognizant of enough to begin minimizing risks. Nothing replaces vigilance and there may not ever be a catchall solution to cybercrime.

The cost of negligence may be more than we can imagine. And with insurance premiums up and healthcare costs continuing to rise, this is one bill we can’t afford to pay.

How will you help healthcare improve its cybersecurity? Do you have any concerns? Tell us in the comments.

About the Author: Faith is a cybersecurity expert and technology specialist. As a professional and patient, she is interested in helping businesses maintain more secure environments for the safety of themselves and those they serve. With medical hacks on the rise, Faith finds herself speaking out on the topic of patient records often.