U.S. federal law (HIPAA) requires covered entities and their business associates that handle protected health information (PHI) to comply with the HIPAA Privacy and Security Rules, which means that hospitals and other healthcare organisations must adhere to HIPAA's strict safeguard requirements. In a radical change from just a few years ago, many healthcare organisations now use the public cloud, so at least some PHI or other personal data is reachable over the Internet. Unfortunately, human error and bugs in hardware, application software and operating systems add to the complexity of securing healthcare data, and data breaches are not uncommon.
A data breach can cripple a healthcare organisation for several reasons. A breach erodes patient trust, and the organisation may be liable for reimbursing patients for costs or damages that result from it. The organisation will also have to spend time and money, typically by hiring third parties, helping affected patients monitor their credit reports for fraud and other misuse. In addition, organisations are often compelled to dismiss the employees responsible for the lax security that led to the breach. The four suggestions discussed here can help healthcare organisations avoid these potentially costly outcomes, reduce costs and improve the security of PHI.
To increase the security of healthcare data, four key areas need to be addressed.
- Providing healthcare services requires many actors, spread across geographies, to have access to PHI. A national personal eHealthcare Record (eHR) would increase data security by consolidating that access under one set of controls rather than leaving copies of records scattered across every organisation involved in a patient's care.
- The healthcare industry should mimic the financial services industry and adopt its established security best practices.
- Smaller healthcare organisations can mitigate their size and scale limitations by using HIPAA-compliant managed cloud service providers and applications; any such provider that stores or processes PHI must sign a business associate agreement (BAA) with the organisation.
- Implement a national two-tiered eHR system in which the top tier applies a higher level of security to the most sensitive personal diagnoses.