Posts

How to Protect Patient Information as Data Breaches Become a Topmost Concern

August 25, 2021/5893 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, Data Integrity, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Safety /by Matt Gibson

We’ve talked about data breaches in hospitals and health systems more times than we can count. Unfortunately, these unwanted incidents just keep on happening, and even when the pandemic was at its peak, hackers didn’t stop. Thus, it isn’t a surprise that many healthcare executives are wary about cyberthreats that loom in the dark, just biding their time and waiting to attack more hospitals and steal patient information. That being said, let’s take a look at some recent cyberthreats faced by hospitals, what healthcare execs are saying, and how to protect patient information even if there is a data breach.

Most healthcare experts are worried about cyber threats

Let’s take a look at some of the recent worrying trends in health IT, according to some respected healthcare executives.

Half of them stated that the frequency of cyber-attacks on healthcare facilities is one of their primary concerns now – let’s explore the issue in detail.

Out of these execs, one of them expects that this will continue to be a huge problem for the foreseeable future – a worrying but accurate prediction, unfortunately.

Another exec stated that such cyber-attacks put patient data, arguably one of the most sensitive pieces of information available within hospitals, at huge risk. We’re inclined to agree, as most data breaches end up with hackers stealing patient information and selling it to fraudsters who commit medical identity theft down the line. Many caregivers, as a result, are searching for answers to the billion-dollar question – how to protect patient information.

Another exec stated that cyberattacks are rapidly evolving as hackers come up with innovative ways to attack and lock or steal patient information – something quite challenging to keep up with.

One of the execs that is worried about cyber-attacks stated that hackers and these issues hinder them from doing their jobs properly, which is to care for their patients. He also stated that effective cybersecurity practices and far more assistance are required to tackle cybersecurity and keep costs in check.

Another of these execs predicts that more hospitals and health systems will be focused on improving some aspects such as better integration between platforms, patient consumerization, and strategies that help with cybersecurity efforts.

However, not all healthcare executives chose cyber-attacks as their primary worries.

Others chose:

The boom of startups that give unrealistic expectations, taking up a lot of money from investors.
Mergers and acquisitions.
Mandates about sharing health information that are quite unclear and might be detrimental.
Clinician burnout due to EHR coding, among other issues.
Ensuring equity during telehealth visits.

While all of them are quite valid concerns, the biggest concern is how to protect patient information effectively – healthcare data breaches are occurring as we speak.

Hospitals must protect patient information effectively as data breaches are rampant

On the 15th of April, a phishing attempt was successful – unauthorized individual(s) got access to login credentials of an employee of Orlando Family Physicians. After a thorough investigation, it was found that three other employee accounts were accessed. While the access has been revoked, over 447,000 patients were exposed, such as names, health insurance data, Social Security numbers, and more. This is just a classic case of data breaches – something that has been repeating itself for several years in many hospitals and health systems.

Fortunately, as we mentioned at the beginning of the article, doing something about protecting patient data and preventing medical identity theft IS possible – let’s see how to protect patient information even if there is a data breach.

How to protect patient information with RightPatient

RightPatient is the leading touchless patient identification platform trusted by responsible hospitals and health systems for several reasons. Firstly, it ensures accurate patient identification starting from appointment scheduling and at any touchpoint across the care continuum. Secondly, it is easy-to-use, safe, and hygienic, as the interactions are contactless – something that is extremely valuable in a post-pandemic world. Thirdly, it protects patient data and blocks fraudsters during identity verification – preventing medical identity theft in real-time.

During the registration process, the patient just needs to look at the camera – the photo taken is attached to their medical record, essentially “locking” it from being meddled with by fraudsters. When the patient returns for future visits, all the patient needs to do is look at the camera – RightPatient automatically runs a search and presents the appropriate EHR when it finds a match between the saved photo and the patient’s live image. Any fraudster attempts will be red-flagged by RightPatient during this process – stopping medical identity theft in its tracks.

How are YOU protecting your patients’ information?

Providers Must Protect Patient Information to Enhance Patient Trust

August 13, 2020/9256 views / 0 Comments/in BLOG, COVID-19, Cybersecurity, Data Breach, EHR, healthcare, Medical Identity Theft, Patient Data, Patient Identification, Patient Outcomes, Patient Safety /by Matt Gibson

The US healthcare system has always been the one attracting attention for all the wrong reasons – it is inundated with a plethora of issues. Lack of price transparency, interoperability issues, lack of proper patient identification, archaic laws governing the overall system, and prevalent medical identity theft cases are just some of the many problems that plague providers and prevent them from giving optimal patient care. One of the more prominent problems faced is healthcare data breaches – something that happens regularly nowadays. With the pandemic in mind, healthcare providers need to do all they can to enhance patient trust and improve patient safety – something they can do if they protect patient information. This is critical because it will boost inpatient volumes and can help offset the ongoing losses due to COVID-19. Let’s see how RightPatient can help by ensuring accurate patient identity verification.

What does the data say?

A recently released study by the Journal of General Internal Medicine has shed some light on patients’ perceptions about their EHR security and privacy.

According to the report:

The respondents who fear that their EHRs will be jeopardized due to a cybersecurity incident are three times more likely to hold back information from their caregivers, compared to those who do not share the same feeling, especially during the transmission of said EHRs electronically.
Out of the respondents who trusted that their EHRs were safe and secure, chances of concealing information from their providers were around half compared to those who had privacy concerns.
Older, married, and employed patients were less likely to withhold information.

This study was conducted with keeping the growth of telehealth in mind and how a lack of patient trust will cause problems, especially during the pandemic. Thus, healthcare providers need to rethink their strategies and boost patient confidence. Not only will it help provide better healthcare services, but it will also increase patient retention – patients will not switch to other caregivers if they see that their providers protect patient information effectively.

Protect patient information by ensuring compliance

With the electronic transmission of PHI (protected health information), HIPAA compliance is the first thing that pops up on the minds of providers. The aforementioned study suggests the same: providers should address patients’ concerns by addressing security gaps. This can be done by providing proper training for internal data breaches and do’s and don’ts during PHI transmission, conducting internal audits to detect security issues, and keeping relevant employees on the same page regarding HIPAA compliance. HIPAA Ready is a robust HIPAA compliance software that can address all that and more, helping you protect patient information in the process. Simplify HIPAA compliance and reduce your administrative burdens with HIPAA Ready.

RightPatient helps protect patient information

RightPatient has been helping to protect patient data for years now. Moreover, even if you face a data breach, you can still safeguard patient information. Here’s how it works.

Once a provider deploys RightPatient, patients receive an SMS or email to validate their identity after scheduling an appointment. The patient provides a selfie and a photo of their driver’s license, and RightPatient matches the photos to ensure a proper match. Patients new to the platform are provided with new biometric credentials.

During inpatient visits, all patients need to do is look at the camera. The platform identifies them by matching the photos, ensuring accurate patient identification.

Another reason why RightPatient is a must

The aforementioned study is also related to the updated Medicare CoPs. Since the study talks about sending EHRs to other caregivers, the recently introduced e-notifications come to mind. With the looming CMS compliance deadline (May 1st, 2021), healthcare providers need to ensure accurate patient identification so that they can send out accurate e-notifications during ADTs. If they fail to send out notifications to the proper channels, it can cause noncompliance issues and can risk their CMS provider agreements. RightPatient is a must-have solution to avoid such cases and ensure that the proper caregivers are notified.

Protecting Patient Data is a Topmost Priority During the Coronavirus Pandemic

April 25, 2020/5292 views / 0 Comments/in BLOG, Cybersecurity, Data Breach, healthcare, Medical Identity Theft, Patient Identification /by Matt Gibson

The last few months have been excruciating for the whole world due to the COVID-19 outbreak. Hospitals have been working tirelessly, tending to the unprecedented number of patients coming in. However, that has not stopped them from experiencing unwanted incidents like data breaches. However, even in this scenario, protecting patient data is a must.

An example

On March 20, University of Utah Health started notifying a number of its patients regarding a phishing incident followed by a malware attack. Back in February, the provider detected unusual activities on their employees’ email accounts. After conducting a thorough examination, they concluded that an outsider gained unauthorized access to those employees’ email accounts between January 7 and February 21.

The outsider did this by acting as a trusted source. Thankfully, the U of U Health was successful in securing the affected accounts. Some of the patient data, which was potentially exposed consisted of patient names, DOB, medical record numbers, as well as some clinical information.

However, that was not the end of the data breach.

After detecting the phishing attack, U of U Health found out that an employee’s machine might have contained downloaded malware on February 3. After scrutiny, the experts at U of U Health stated that the malware potentially allowed access to parts of patient data, just like the previous one – names, DOB, medical record numbers, as well as some clinical information.

The matter is still being investigated, and however, U of U Health stated that they did not find any evidence that the affected patient data was misused. The healthcare provider is making changes to ensure that such unwanted incidents do not happen again.

That is just one healthcare provider. There are numerous that are still facing data breaches, even during the coronavirus pandemic. The crisis makes it ripe for hackers to steal sensitive patient information, as hospitals are having a hard time dealing with the whole situation at hand.

Medical identity theft issues

The hackers can steal patient data, and either use it for their purposes or sell it to other parties. The outcome is medical identity theft – someone else assumes the identity of the patients and uses healthcare services, which were initially meant for the patients. Medical identity theft causes the victims to receive shocking bills for services they never used. It can also lead to the healthcare providers being hit with lawsuits by the patients, claiming that the providers did not protect their sensitive patient data well enough.

How are hospitals protecting patient data?

This is where RightPatient can help. With this contactless patient identification platform, medical identity theft can be prevented easily. RightPatient uses biometric data (such as iris) to store medical records along with capture photos of the patient. Later on, all a registered patient needs to do is look at the camera – RightPatient identifies the accurate medical records within seconds and provides it to the hospital staff. Even in the case of a data breach, patient records are locked with the patients’ biometric information. Thus, also if a third-party assumes the identity of the patient, the platform will immediately detect the fraudster – preventing medical identity theft and protecting patient data.

Also, it is of paramount importance that hygiene is maintained within hospitals, which is why RightPatient’s contactless identification platform makes it ideal for detecting accurate patient records during this crucial time without causing infection control issues.

5 Reasons Why Health Care Needs Better Cybersecurity

April 24, 2017/5459 views / 0 Comments/in BLOG, Cybersecurity, Guest Blog Posts /by John Trader

The following is a guest post submitted to RightPatient on improving cybersecurity in healthcare.

When healthcare first started to go digital, the problems were largely related to mechanical reliability. Computers weren’t so reliable, and there was no internet to really bring them together. Keeping hard backups was really the biggest concern.

Yet that’s changed considerably in the past decade. Nearly all healthcare providers store at least some of their records online. As a result, there are fewer opportunities to completely lose a patient’s records and collusion among practitioners is becoming considerably easier. Conversely, the chance of having records stolen is dramatically increased.

healthcare cybersecurity to improve patient safety

The rapid digitization of healthcare has pushed many providers to improve cybersecurity.

According to the US Department of Health and Human Services, there were over 300 data breaches in 2016 (with over 500 victims), and that’s just in the United States. The question so many are asking is why.

As it turns out, there are many reasons.

Healthcare is Going Paperless

Both for space and for purposes of preservation, healthcare practitioners are doing what they can to cut down on the rooms filled to the brim with patient files. Instead, that information is stored on servers, both onsite and offsite. There’s less room for losing physical files, patient information can be located and sent faster, and providers can more easily see a complete history.

This centralization is certain to improve patient outcomes but it comes with the risk of creating major “honey pots” for hackers and thieves. Rather than stealing file folders, these cybercriminals only need to breach a single database to acquire hundreds, if not thousands of patient records.

The only recourse is to improve cybersecurity measures to help reduce or avoid breaches entirely. Otherwise, patients (and we’re all patients, including providers) face the risk of identity theft or worse.

Fraudulent care is a major problem because per the law, all treatment must be recorded. Care rendered to the wrong person can prove very difficult to remove from records, which could prove problematic or even dangerous for the victim, although the FDA contends that thus far no one has been injured or died as a result of data breaches.

It’s the Law

Not everyone realizes that maintaining cybersecurity that meets current procedural standards is actually the law. HIPAA compliance doesn’t just extend to patient confidentiality in person, but also applies to information stored digitally.

Those in practice that do get hacked face stiff legal penalties, particularly if they are shown to be taking inadequate care in preserving their patient records safely. Although state requirements vary, there are a few basic requirements both for minimizing liability and for complying with the law:

• At least two hard copies of records need to be maintained, one of which is stored offline
• Digital records must have copies stored online
• Health care providers must perform risk assessments and provide security measures that are adequate* to minimize risks to patient information and privacy

*Note that what constitutes “adequate” seems to vary and the requirement is generally vague at best.

Breaches are Increasingly Common

Earlier we discussed that 2016 was a year that featured over 300 major cybersecurity breaches in the healthcare industry. What’s important about that value is that it represents an over 20 percent increase in the number of hacks as compared to the year before, which numbered in the mid-200s.

Far from becoming less frequent and more controlled, data theft is actually on the rise. And the cost of theft isn’t getting any cheaper either. Research done by the Ponemon Institute continues to show yearly increases in costs to providers as a result of cybersecurity woes.

At present, there doesn’t seem to be any indication that the number of breaches or the cost per incident is likely to decrease through 2017 or beyond.

Most predict a continued increase in cost.

Private Practices Are Favorite Targets

The victims of data theft aren’t just major hospitals or data centers. In fact, private practices face just as many, if not more risks than do large institutions. Small practices tend to have a considerably lower budget for cybersecurity and thus are actually more vulnerable because it’s just that much easier for hackers to force their way in.

Government entities have been concerned for years that the problem isn’t limited just to large institutions. In 2012, the FBI director actually stated that “only two types of companies” exist: “those that have been hacked and those that will be.”

Private practitioners and their patients would be wise to heed this warning and take steps to minimize the inevitable fallout that comes with data theft. Not taking the risk seriously could prove devastating particularly for offices with just a single doctor on staff.

BYOD Also Means BYOP

One last addition both to healthcare and standard businesses that presents a major risk to patient records is the so-called “Bring Your Own Device” (BYOD for short) policy. This procedure has grown in popularity because many employees own devices that are far more capable than those being provided by offices.

But BYOD can quickly become a BYOP (bring your own problems) policy if not handled appropriately. Employees rarely maintain security on their personal devices in a way that sufficiently protects the businesses they work with.

Employers would be wise to implement security requirements for their workers in the form of locked devices and security software. That means both anti-malware apps—for preventing infected software from being installed—and internet security apps, with Virtual Private Networks (VPNs) increasingly the most important due to the amount of hacks that involve direct invasion of unsafe connections.

Solving the Problems

Putting a stop to security breaches isn’t likely something that will happen overnight. But it is something we should all be cognizant of enough to begin minimizing risks. Nothing replaces vigilance and there may not ever be a catchall solution to cybercrime.

The cost of negligence may be more than we can imagine. And with insurance premiums up and healthcare costs continuing to rise, this is one bill we can’t afford to pay.

How will you help healthcare improve its cybersecurity? Do you have any concerns? Tell us in the comments.

About the Author: Faith is a cybersecurity expert and technology specialist. As a professional and patient, she is interested in helping businesses maintain more secure environments for the safety of themselves and those they serve. With medical hacks on the rise, Faith finds herself speaking out on the topic of patient records often.