Hospitals Might Lose $323 Billion – Reduce Yours by Ensuring Patient Data Security

Healthcare around the world has arguably been facing one of its biggest challenges yet, and the US healthcare system is no exception to the effects of the coronavirus pandemic. While there are spikes in COVID-19 cases, things are looking quite bleak for the financial performance of hospitals this year. To be exact, a staggering $323 billion or more could be lost in 2020 alone! Is there any solution to mitigate the losses? RightPatient might be the answer – as it ensures patient data security and prevents medical identity theft in real-time. Let’s explore.

Unimaginable hospital losses

It is quite simple – due to the pandemic, hospitals had to focus more on the overwhelming number of COVID-19 patients, and thus, stopped treating regular patients. While this was expected, the financial losses are still huge.

According to the American Hospital Association, healthcare providers have reported declines of 34.5% in outpatient volume and 1.5% in inpatient volume, on average. Projected losses for the duration of March–June 2020 have been around $202 billion. Moving forward, the AHA estimates that the second half of 2020 will incur a loss of around $120.5 billion for providers – leading to an unprecedented sum of $323 billion in losses for the year 2020. However, the AHA does warn that this might be an understatement – the numbers might go even higher.

Providers do not expect losses to reduce for the rest of the year either. The AHA’s president has even stated that the US healthcare system is facing the biggest financial crisis in its history due to the pandemic as well as reduced patient numbers.

While the US federal government has provided over $170 billion as emergency funding for the providers, many fear that it might not be enough to overcome the heavy losses.

Medical identity theft is on the rise

While COVID-19 and its long-lasting effects are raging on, that has not stopped hackers from attempting to steal sensitive patient data through healthcare data breaches. Security experts have stated that there is a huge opportunity for hackers to steal patient data since it is rich with valuables like Social Security numbers, insurance information, and so on. Moreover, they can sell patient records for up to $1000.

Healthcare in the US is expensive, and that is the reason why medical identity theft is so common. Fraudsters simply buy the patient data from the black market, and do not need to worry about any more healthcare expenses – the fraudulent bills are passed on to the shoulders of the victims. As can be seen, ensuring patient data security is quite important.

Medical identity theft not only hampers the patients financially – it affects patient safety as well. When a fraudster uses the patient data to gain access to healthcare services such as expensive procedures, medications, and equipment, their data is recorded into the victims’ patient records. Thus, the patients might further suffer from incorrect medications and procedures based on an altered medical history, making patient data security a topmost priority, even during the pandemic.

Ensure patient data security with RightPatient

RightPatient has been protecting millions of patient records for leading healthcare providers for years. It is a touchless biometric patient identification platform that locks the medical records of the patients with their photos upon registration. After enrollment, all the patients need to do is look at the camera and the platform matches the photos and provides the correct patient record within seconds. Thus, if a fraudster comes by, he/she will be red-flagged, preventing medical identity theft.

#1 Biometric Patient ID Platform

Superior flexibility, power & ROI

Moreover, due to the pandemic, patient identification in hospitals needs to be upgraded to a touchless platform like RightPatient to prevent infection control issues and enhance patient safety. RightPatient meets all the requirements for any given health system or hospital by preventing medical identity theft, ensuring patient data security, enhancing patient safety, and preventing duplicate record creation, boosting the bottom lines. Reduce your losses by using RightPatient and protecting patient records now.

5 Tips for Preventing Medical Identity Theft in Healthcare

Hospitals, medical centers, and physicians’ offices are not only places where patients should feel safe about getting the right medications, but also places where they should feel safe with their sensitive information. Unfortunately, with the rise in the number of healthcare data breaches, the market is even riper for medical identity theft. Over 41 million patient records were breached in 2019 alone and the majority of them were associated with hacking or cyber attack-related incidents.

Preventing medical identity theft has been one of the top priorities, yet many organizations still rely on antiquated patient identity management solutions. Many leading hospitals, namely, Terrebonne General Medical Center and The University Healthcare System have been successful in preventing medical identity theft and benefitted in many other ways since using RightPatient. Other benefits include eliminating duplication of medical records, improving patient identity matching rates, clinical efficiency, and boosting the overall revenue cycle. But what about medical identity theft? How are patients affected by it? What are the ways for preventing medical identity theft? Let’s find out.

What is Medical Identity Theft?

Medical identity theft occurs when a fraudster uses someone else’s personally identifiable information (e.g. name, DOB, Social Security Number, health insurance number) to fraudulently receive medications or services, including attempts to falsify medical billings. The healthcare industry would have billions of dollars in surplus if all healthcare providers could prevent medical identity theft. This crime involves the fraudulent use of someone’s health insurance information to obtain reimbursement for healthcare-related services provided to a person not covered by the policy. This is one of the most common reasons for the rise in the numbers of claim denials. It affects revenue integrity and requires organizations to put in more strenuous efforts and resources to identify and resolve the problem throughout the revenue cycle management.

How are patients affected by medical identity theft?

Patients may not be able to afford the cost: Financial consequences for the victims of medical identity theft can exceed the cost of credit card fraud. According to a study conducted by the Ponemon Institute, medical identity theft can cost an average American $13,500 to resolve.

Victims may not be aware of their information being stolen: In most cases, insurers or healthcare providers rarely inform the patients about the crime. In general, victims are completely unaware of when they became a victim and learn about the theft of their credentials about three months after the crime has occurred.

Reputations can be on the line: In many studies, victims said that their reputation was affected by medical identity theft due to the disclosure of sensitive personal health information. Many respondents believe they missed out on good career opportunities due to identity theft. Some said it resulted in the loss of their job.

5 Tips for Preventing Medical Identity Theft

Invest in modern patient identity management technology and software

With the transition of paper-based patient’s records to electronic-based record-keeping systems, it is necessary to invest in modern technology and software for preventing medical identity theft. For better security and matching rates, many healthcare providers have adopted RightPatient – a leader in touchless biometric patient identity management solutions. With RightPatient, healthcare providers can verify patients’ identities and protect access to medical records. RightPatient does not only help in preventing medical identity theft but it also drastically improves patient matching rates and eliminates the creation of duplicate records.

Just as facial recognition or iris scanning techniques are used in smartphone devices today, this platform uses similar biometric techniques in a healthcare setting for authenticating and verifying an individual’s identity. RightPatient uses an individual’s iris pattern or photos of their face to lock their medical records. Each time a patient arrives at the continuum of care, the platform will scan their iris pattern or photos of their face to authenticate their identity and retrieve their correct medical records. With secure-log-in monitoring, fraudsters will be instantly denied when they try to gain access to medical records by assuming someone’s identity. 

Automating the patient registration and enrollment process

Automating the patient registration and enrollment process can eliminate the hassle of a long, complicated registration process, save valuable time and resources, and reduce errors at the same time. Criminals can easily obtain or use someone else’s common identifiers, such as names, SSNs, and DOB for fraudulent use. Many times common identifiers have also been the main cause of the creation of duplicate identities or record mismatching. Paper-based records are also vulnerable because they can easily end up in the wrong hands. With RightPatient, transitioning to an automated patient enrollment system will be seamless.

Streamline workflow and maintain compliance

Protected health information (PHI) is like a treasure box for cybercriminals and thieves. PHI contains valuable sensitive information and can easily be worth more than credit card numbers on the black market. This is why the Health Insurance Portability and Accountability Act (HIPAA) was established to ensure confidentiality, integrity, and availability of PHI. HIPAA requires healthcare organizations to implement appropriate safeguards to better protect patients’ information so it doesn’t end up in the wrong hands. Maintaining compliance with HIPAA can be quite strenuous, but organizations can use HIPAA compliance software to streamline their compliance efforts and reduce administrative burden. Adopting the best security practices to limit unauthorized access or disclosure of patient information is crucial for preventing medical identity theft.

Robust bring your own device (BYOD) and network access policy

Personal devices should be secured before accessing a patient’s information across the network. A proper BYOD policy must be developed and maintained. For instance, is it safe for employees to bring company-issued devices back home? Many times, thieves get access to sensitive information when devices such as laptops, tablets, or smartphones get stolen from the office, home, or even from a car. Hospitals should also install a separate internet wi-fi network for visitors and patients to restrict access to the organization’s internal network. 

Educate your employees and patients and instill a culture of best privacy practice

Not all data breaches are malicious – human error is inevitable. From emailing sensitive data to the wrong person to accidentally posting on social media or leaving a laptop open, information can be disclosed in many ways. It is essential for healthcare providers to conduct proper training and educate staff members working in any capacity with medical information on how to handle and access PHI in an appropriate manner and identify suspicious behaviors for preventing medical identity theft. Training can be easily streamlined using applications.

Many hospitals always strive to do their best when it comes to securing patient information. The occurrence of medical identity theft is unfortunate but isn’t rare at all. Hospitals should also advise patients and encourage them to keep their sensitive information safe and be cautious when sharing sensitive information. 

Preventing Medical Identity Theft with RightPatient

Even during this COVID-19 national emergency crisis, medical identity theft is continuously becoming a great threat to the safety of patients and healthcare providers. Besides being the leader in patient identity management, RightPatient offers completely touchless biometric modules for patient identification. With RightPatient, healthcare providers can easily prevent medical identity theft and improve patient safety along with hygiene in a facility by removing physical contact, thus, limiting the spread of contagious diseases. 

Healthcare Data Breach Statistics show 40 Million Patients were affected in 2019

Data breaches – this topic has been covered a lot here. That’s because it is so prevalent and is constantly haunting big and small healthcare providers across the U.S. In 2019, a whopping 40 million people were affected by healthcare data breaches. To put this in perspective, 14 million people were affected, according to healthcare data breach statistics in 2018.

A recent study has also shown that 2019’s numbers were higher than the 2015 data breaches where over 113 million records were exposed. The report from the study emphasizes how over 400 organizations experienced breaches consisting of more than 500 patient records. Even though some providers are working to increase security, they are finding it challenging to stay ahead of the curve.

The reported data breaches increased by 38 percent from January to October 2019, compared to 2018. More than 429 organizations reported breaches, which is considerably higher than the 371 organizations reporting data breaches in 2018. 

The result? 

40 million people were affected by these data breaches, and these are the data breaches that were actually reported. However, the aforementioned study claimed that more than 480 organizations would be affected by data breaches in 2019.

Hacking was consistently the main cause of data breaches from 2016. However, hacking stole the spotlight in 2019, with 59 percent of the reported data breaches a result of hacking.

Another tool used by cybercriminals is email.

Stolen medical records often contain sensitive information of the patients – their medical history, their medications, test results, names, addresses, and so on. The hackers usually sell this information on the black market where buyers assume the identities of the affected patients.  

Patients can serve hospitals with lawsuits for not protecting their sensitive data. Some patients spend a lot of time having their medical records fixed, which is costly for the patients, the hospitals, as well as the insurers. It is a loss for everyone involved.

What can hospitals do?

While data breaches cannot be stopped so easily, thankfully medical identity theft can be prevented. This is where RightPatient comes in – it locks the medical records of the patients with their biometric data and also attaches a photo to the medical records. Even if the medical records are stolen, the patient data will remain safe. If a person attempts to assume the identity of a patient, RightPatient immediately red flags the user and lets authorities know, preventing medical identity theft in real-time. Healthcare providers are protecting millions of patient records with RightPatient, mitigating losses, improving the revenue cycle, avoiding becoming a part of healthcare data breach statistics, and enhancing patient safety – are you one of them?

Protecting Patient Data is a Topmost Priority During the Coronavirus Pandemic

The last few months have been excruciating for the whole world due to the COVID-19 outbreak. Hospitals have been working tirelessly, tending to the unprecedented number of patients coming in. However, that has not stopped them from experiencing unwanted incidents like data breaches. Even in this scenario, protecting patient data is a must.

An example

On March 20, University of Utah Health started notifying a number of its patients regarding a phishing incident followed by a malware attack. Back in February, the provider detected unusual activities on their employees’ email accounts. After conducting a thorough examination, they concluded that an outsider gained unauthorized access to those employees’ email accounts between January 7 and February 21.

The outsider did this by acting as a trusted source. Thankfully, U of U Health was successful in securing the affected accounts. The patient data that was potentially exposed consisted of patient names, DOB, medical record numbers, as well as some clinical information.

However, that was not the end of the data breach.

After detecting the phishing attack, U of U Health found out that an employee’s machine might have contained downloaded malware on February 3. After scrutiny, the experts at U of U Health stated that the malware potentially allowed access to parts of patient data, just like the previous one – names, DOB, medical record numbers, as well as some clinical information.

The matter is still being investigated; however, U of U Health stated that they did not find any evidence that the affected patient data was misused. The healthcare provider is making changes to ensure that such unwanted incidents do not happen again.

That is just one healthcare provider. There are numerous that are still facing data breaches, even during the coronavirus pandemic. The crisis makes it ripe for hackers to steal sensitive patient information, as hospitals are having a hard time dealing with the whole situation at hand.

Medical identity theft issues 

The hackers can steal patient data, and either use it for their purposes or sell it to other parties. The outcome is medical identity theft – someone else assumes the identity of the patients and uses healthcare services, which were initially meant for the patients. Medical identity theft causes the victims to receive shocking bills for services they never used. It can also lead to the healthcare providers being hit with lawsuits by the patients, claiming that the providers did not protect their sensitive patient data well enough. 

How are hospitals protecting patient data?

This is where RightPatient can help. With this contactless patient identification platform, medical identity theft can be prevented easily. RightPatient uses biometric data (such as iris) to store medical records along with captured photos of the patient. Later on, all a registered patient needs to do is look at the camera – RightPatient identifies the accurate medical records within seconds and provides them to the hospital staff. Even in the case of a data breach, patient records are locked with the patients’ biometric information. Thus, even if a third party assumes the identity of the patient, the platform will immediately detect the fraudster – preventing medical identity theft and protecting patient data.

Also, it is of paramount importance that hygiene is maintained within hospitals, which is why RightPatient’s contactless identification platform makes it ideal for detecting accurate patient records during this crucial time without causing infection control issues. 

Employees Can Compromise Medical Records – How Can Hospitals Protect Patient Data?

As harsh as it may sound, employees getting fired for accessing medical records without any malicious intent is very common. More than 4.5 million records were compromised in unauthorized access or disclosure incidents caused by employee errors, negligence, and acts by malicious insiders in 2019, according to the HIPAA data breach statistics report. Thus, providers need to find strategies to protect patient data better.

In 2019 Northwestern hospital dismissed nearly 50 employees for accessing a celebrity’s medical record without consent. Recently mentioned in another similar series of unfortunate events is the Hawaii Pacific Health in Honolulu.  

Hawaii Pacific Health discovered that an employee had erroneously accessed patients’ medical records. As a result, 3772 patients’ records may have been compromised, according to the HHS Office for Civil Rights data breach portal. The employee who worked at Straub Medical Center was later terminated. The organization believes that the employee only acted out of curiosity and did not intend to embezzle their identities.

Consequences associated with compromised medical records

Medical records that may have been compromised include name, addresses, phone numbers, email addresses, dates of birth, religion, race/ethnicity, Social Security numbers, medical record numbers, primary care providers, dates of services, appointment notes, hospital account numbers, department names, provider names, account numbers, and health plan names.  

Nevertheless, accidental disclosure of sensitive personal information may have severe consequences, such as medical identity theft or even worse. If it falls into the wrong hands, this information can be used for theft or personal gain. The culprit may also fraudulently obtain medical benefits or sell this information to third parties, who may then misuse it.

Healthcare organizations plagued by patient data breaches suffer a sustained impact. Patient trust is the driving force for effective and quality clinical practice. When an incident similar to the one at Hawaii Pacific Health occurs, it causes financial and reputational losses to medical service providers. On the bright side, Hawaii Pacific Health will provide the affected patients with free credit monitoring and identity restoration services for one full year. However, as data breaches make hospitals more vulnerable to identity theft, hospitals will again face an increasing administrative burden.

What can the healthcare providers do to protect patient data?

Currently, Hawaii Pacific Health is looking for alternatives and is willing to invest in technology. Technology can help prevent repercussions, such as medical identity theft. Nonetheless, compromised data can be easily safeguarded with a biometric patient identification platform that prevents unauthorized access. 

RightPatient – Biometric Patient Identification Platform

RightPatient has been serving several healthcare providers and medical institutions to avert repercussions like illegal access to patient data, and ultimately preventing medical identity theft. RightPatient is the most advanced biometric patient identification platform that can protect patient data by preventing inappropriate access to patient medical records.

How does it work?

During registration, patients will need to provide their biometric information (facial photos, irises, fingerprints) to the hospital. With the help of biometric encryption technology, patients’ medical data will be kept locked and secured. The next time patients come to receive medical services, all they need to do is look at the camera or perform a fingerprint scan to unlock their data in seconds. This technology automatically prevents illegal access to medical records, since accessing the data requires the patient’s authentication.

When all is said and done

There is no doubt that the patient’s medical record should be kept confidential, but the crux of the matter is human errors are inevitable. Hospitals should be aware and willing to invest in technologies that can prevent more damage and open the door to more opportunities for quality health service.

Hospital data breach results in an expensive lawsuit – Is yours next?

Hospital data breaches have been rampant for quite some years now. Last year’s figures alone are quite frightening: one states that 41 million patient records were exposed, essentially making the patients potential victims of medical identity theft. Thus, both data breaches and medical identity theft have been in the limelight. These unwanted nuisances have turned the attention towards healthcare providers who are suffering from these events. One such provider is the University of Missouri Health Care (MU Health), which suffered a data breach of 14 thousand records and was also hit by a lawsuit by the impacted patients.

This happened back in 2019. The provider was sued by patients who were affected by the breach in question. The patients reasoned that the breach had made their sensitive records prone to medical identity theft, and their fear was not irrational.

The actual story

On the first day of May 2019, the healthcare provider found out that an outsider somehow accessed email accounts of two employees for more than a week. Following the incident, the concerned officials said that they took the necessary steps to secure both accounts. 

It was not disclosed how the hacker got access and whether it was a phishing incident or not. However, the healthcare provider revealed that the affected account had sensitive patient data stored, such as names, DOB, medical record numbers, insurance details, as well as treatment details. The hospital data breach even consisted of the Social Security Numbers of some unlucky patients.

The data breach, fortunately, did not affect all the patients of MU Health. However, it did affect around 14,400 patients, which is no small number. As soon as the provider’s inquiry ended regarding the breach on the twenty-seventh day of July, it started to inform the patients regarding the breach. Oddly, the organization notified the patients after the required timeframe of 60 days as per HIPAA regulations.

The aftermath

Within the same week of notifying the patients, one of them filed a lawsuit, followed by 19 others. Their reason was very simple: the data breach would likely result in medical identity theft and lead to lower-quality care. The patients also believed that they were paying quite an amount of money, and thus, MU Health should add stringent security with their services.

Hospital data breaches can arm hackers with enough information to obtain medical services assigned to the patients. The hackers could either expose the data, sell it, or use it for themselves. These could lead to the patients paying for healthcare services they did not use. These could also become denied claims for healthcare providers. Whichever way one looks at it, data breaches and medical identity theft are extremely undesirable.

How do hospitals prevent medical identity theft?

Although it is quite prevalent nowadays, medical identity theft can actually be prevented. One way to make sure that the medical records are safe is by locking them with a key that hackers cannot forge. That is exactly what RightPatient does. It is a biometric patient identification platform that locks the patient records with their biometric data. Once the platform attaches the medical record with the data during enrollment, a third party cannot come and claim that record, preventing medical identity theft and ensuring accurate patient identification. RightPatient has been preventing medical identity theft for leading hospitals such as University Health Care System and Grady Health System.

How Doctors Can Transmit Patient Data Securely

Doctors must take precautions when sharing patient data. Learn more about how doctors should protect your PHI in this guest post from Heather Lomax. (Photo courtesy of pxhere)

The following guest post on protecting patient data was submitted by Heather Lomax.

Communication between doctor and patient has greatly advanced in the last few years. Instead of having patients drive out for a visit or make drawn-out phone calls every time something needs to be discussed, some doctors’ offices have started to use online portals and email correspondence with patients. These options are extremely efficient, but they also place patients at a higher risk of medical identity theft. Therefore, special measures need to be taken to transmit patient data safely.

PHI Data and Email Encryption

First and foremost, patients need to make sure their devices are encrypted when they access medical data. Not operating on such a system places data at risk of easy theft. Portals offering medical data need to be encrypted as well. Patients should be made aware that if their computers at home are not secure, then they place their data at risk there as well. Sending patients emails also requires another degree of encryption.

Different Types of Email

Several types of email exist when it comes to safely transmitting information to patients. For web-based email applications, doctors’ offices and patients alike need to use accounts with HTTPS encryption. This method is the only means by which web-based email is secure. The email sent to a patient should also be encrypted using either PGP encryption methods or Symantec Digital IDs. With both of these, each email comes with its own encryption.

Use Cloud Services for Fax and Email

HIPAA regulations make specific claims about how data should be transmitted between office and patient. One of the methods to use for this communication relies on cloud services for both faxes and emails. These cloud services have their own firewalls and encryption procedures, and they make certain that data only goes to a specific location. More often than not, a specific receiver has to acknowledge that they accept a fax. A VPN access code can be used for this process.

Biometric Identification

As passwords become obsolete and even unsafe for healthcare data security, biometric identification is steadily rising in practice when it comes to accessing sensitive information. With passwords comes the potential of breaches in security, even with the most carefully crafted codes. However, with the use of fingerprint analysis, retina scans, and facial recognition software, it’s nearly impossible for identity fraud to take place since these characteristics cannot simply be imitated. And not only does it reduce the risk of billing fraud – it also prevents deadly medication errors, improves response rates to medical emergencies, and expedites health information exchange services (which will be discussed in the next section).

Use Three Different Forms of Health Info Exchange

When in doubt, doctors’ offices should use three distinct methods of Health Information Exchange (HIE) with patients and other medical offices. The first type is directed exchange, where data can be sent and received securely through an electronic medium between providers and coordinated support care. The second option is a query-based exchange, which offers providers the opportunity to find and request information from patients and other providers when unplanned care takes place. Finally, doctors’ offices can use consumer-mediated exchanges, a method which allows patients to have control over data and how it is used among different providers.

Conclusion

A great many options are available when it comes to transmitting electronic patient data. Rather than rely on flimsy means of protection, alternative options with tighter security like encrypted care, biometric identification, and HIE paths should be implemented instead. If your practice or hospital can introduce even one of these methods as part of its data transfer strategy, you’ll notice a great improvement in workplace efficiency as well as security for your patients.

Author bio:

Heather Lomax is a contributing writer and media relations specialist for Blaze Systems. She writes articles for a variety of medtech blogs, discussing solutions for optimizing healthcare data protection and clinical technology.

Peace of Mind: A Short Guide To Who Handles Your Private Medical Information

Many patients are unaware of how many people have access to their sensitive medical information.

The following guest post on who handles Protected Health Information (PHI) was submitted by Brooke Chaplan.

From basic information such as your height and weight to the types of medications you are taking, your health history, diagnoses, billing information and more, your healthcare providers have access to an incredible amount of very personal information about you and others in your family. This is information that you do not want to fall into the wrong hands. This begs the question of who actually has access to all of the information in your medical file.

Well-Trained and Screened Candidates

In most healthcare offices, hospitals and other settings, the administrative or medical team that has access to your records is usually well-trained and thoroughly screened. These individuals typically must pass a thorough background check before being permitted to work in the office, and the office often has safeguards and high-tech protocols to prevent employees from mishandling or abusing the information that they gain access to. Some of the professionals with the most access are healthcare administrators that hold a degree in their field.

Your Health Insurance Company

If you are one of the many millions of Americans who have access to health insurance, your health insurance company may keep track of your medications, treatments, diagnoses and more. Health insurance professionals are often required to uphold strict standards of confidentiality in the same way your healthcare providers are. In addition, as is the case with hospitals and medical offices, health insurance companies usually go to great lengths to prevent employees from misusing or abusing the data that they come across over the course of their regular work day.

Potential Hackers

In 2015, as many as a third of all Americans were impacted by a security breach that involved their healthcare data or records. Information such as their address and Social Security information may have been passed on to hackers. Some hackers sell the data they obtain through their attacks, and others use it personally with malicious intent. For example, with your name, address, Social Security number and birth date, they can commit identity theft. Many medical offices and hospitals are aware of this and other potential risks to their patients, and they regularly take steps to continuously update and improve technology in an effort to reduce this risk for their patients.

Your private data should remain private at all times, but the unfortunate reality is that the system in place in the healthcare industry right now is not perfect. Patients should make inquiries to their healthcare providers to learn more about the steps a particular office or hospital is taking to keep their data from falling into the wrong hands.

Author bio:

Brooke Chaplan is a freelance writer and blogger. She lives and works out of her home in Los Lunas, New Mexico. She loves the outdoors and spends most of her time hiking, biking, and gardening. For more information contact Brooke via Twitter @BrookeChaplan.

5 Reasons Why Health Care Needs Better Cybersecurity

The rapid digitization of healthcare has pushed many providers to improve cybersecurity. (Photo courtesy of Shutterstock).

The following is a guest post submitted to RightPatient on improving cybersecurity in healthcare.

When healthcare first started to go digital, the problems were largely related to mechanical reliability. Computers weren’t so reliable, and there was no internet to really bring them together. Keeping hard backups was really the biggest concern.

Yet that’s changed considerably in the past decade. Nearly all healthcare providers store at least some of their records online. As a result, there are fewer opportunities to completely lose a patient’s records, and collaboration among practitioners is becoming considerably easier. Conversely, the chance of having records stolen is dramatically increased.

According to the US Department of Health and Human Services, there were over 300 data breaches in 2016 (with over 500 victims), and that’s just in the United States. The question so many are asking is why.

As it turns out, there are many reasons.

Healthcare is Going Paperless

Both for space and for purposes of preservation, healthcare practitioners are doing what they can to cut down on the rooms filled to the brim with patient files. Instead, that information is stored on servers, both onsite and offsite. There’s less room for losing physical files, patient information can be located and sent faster, and providers can more easily see a complete history.

This centralization is certain to improve patient outcomes but it comes with the risk of creating major “honey pots” for hackers and thieves. Rather than stealing file folders, these cybercriminals only need to breach a single database to acquire hundreds, if not thousands of patient records.

The only recourse is to improve cybersecurity measures to help reduce or avoid breaches entirely. Otherwise, patients (and we’re all patients, including providers) face the risk of identity theft or worse.

Fraudulent care is a major problem because per the law, all treatment must be recorded. Care rendered to the wrong person can prove very difficult to remove from records, which could prove problematic or even dangerous for the victim, although the FDA contends that thus far no one has been injured or died as a result of data breaches.

It’s the Law

Not everyone realizes that maintaining cybersecurity that meets current procedural standards is actually the law. HIPAA compliance doesn’t just extend to patient confidentiality in person, but also applies to information stored digitally.

Those in practice that do get hacked face stiff legal penalties, particularly if they are shown to be taking inadequate care in preserving their patient records safely. Although state requirements vary, there are a few basic requirements both for minimizing liability and for complying with the law:

• At least two hard copies of records need to be maintained, one of which is stored offline
• Digital records must have copies stored online
• Health care providers must perform risk assessments and provide security measures that are adequate* to minimize risks to patient information and privacy

*Note that what constitutes “adequate” seems to vary and the requirement is generally vague at best.

Breaches are Increasingly Common

Earlier we discussed that 2016 was a year that featured over 300 major cybersecurity breaches in the healthcare industry. What’s important about that value is that it represents an over 20 percent increase in the number of hacks as compared to the year before, which numbered in the mid-200s.

Far from becoming less frequent and more controlled, data theft is actually on the rise. And the cost of theft isn’t getting any cheaper either. Research done by the Ponemon Institute continues to show yearly increases in costs to providers as a result of cybersecurity woes.

At present, there doesn’t seem to be any indication that the number of breaches or the cost per incident is likely to decrease through 2017 or beyond.

Most predict a continued increase in cost.

Private Practices Are Favorite Targets

The victims of data theft aren’t just major hospitals or data centers. In fact, private practices face just as many risks as large institutions, if not more. Small practices tend to have a considerably lower budget for cybersecurity and thus are actually more vulnerable because it’s just that much easier for hackers to force their way in.

Government entities have been concerned for years that the problem isn’t limited just to large institutions. In 2012, the FBI director actually stated that “only two types of companies” exist: “those that have been hacked and those that will be.”

Private practitioners and their patients would be wise to heed this warning and take steps to minimize the inevitable fallout that comes with data theft. Not taking the risk seriously could prove devastating, particularly for offices with just a single doctor on staff.

BYOD Also Means BYOP

One last addition both to healthcare and standard businesses that presents a major risk to patient records is the so-called “Bring Your Own Device” (BYOD for short) policy. This procedure has grown in popularity because many employees own devices that are far more capable than those being provided by offices.

But BYOD can quickly become a BYOP (bring your own problems) policy if not handled appropriately. Employees rarely maintain security on their personal devices in a way that sufficiently protects the businesses they work with.

Employers would be wise to implement security requirements for their workers in the form of locked devices and security software. That means both anti-malware apps (for preventing infected software from being installed) and internet security apps, with Virtual Private Networks (VPNs) increasingly the most important due to the number of hacks that involve direct invasion of unsafe connections.

Solving the Problems

Putting a stop to security breaches isn’t likely something that will happen overnight. But we should all be aware of the problem enough to begin minimizing risks. Nothing replaces vigilance, and there may never be a catchall solution to cybercrime.

The cost of negligence may be more than we can imagine. And with insurance premiums up and healthcare costs continuing to rise, this is one bill we can’t afford to pay.

How will you help healthcare improve its cybersecurity? Do you have any concerns? Tell us in the comments.

About the Author: Faith is a cybersecurity expert and technology specialist. As a professional and patient, she is interested in helping businesses maintain more secure environments for the safety of themselves and those they serve. With medical hacks on the rise, Faith finds herself speaking out on the topic of patient records often.