More than 1,000 healthcare organizations have experienced network breaches in recent years causing protected data to be compromised. Healthcare facilities have some of the most sensitive data files, supplying hackers with large amounts of information that not only affects the organizations that were infiltrated, but also the patients involved in the breach. In 2015, one-third of Americans experienced healthcare data breaches. For example, Community Health Systems which has 206 hospitals in 29 states suffered from a cyber-attack that affected 4.5 million private records including the patient’s name, address, Social Security number and health ID number. Around 76 percent of U.S. consumers are worried about the security of their medical data which is why upgrading security should be a main focus for healthcare facilities in 2018.
Security from an Organizational Perspective
With a federal mandate requiring healthcare facilities to use electronic health records in order to keep their Medicaid and Medicare reimbursement levels, more organizations are digitalizing data. In order for patient data to stay protected, healthcare organizations should train every department on how to best protect the information and why. Additionally, nurse leaders should strive to hold regular meetings with team members to keep all parties informed on the latest developments and communicate on changes in protocol.
When facilities limit the knowledge to the IT department, patients can suffer because every employee has the potential to be an entry point for hackers. Employees that have proper education on how medical identity theft happens, what the warning signs are and what the best practices are can help keep personal data secure.
Improve Security Systems
With advances in technology, security systems are becoming more complex so even choosing the wrong type of wire can decrease the effectiveness of the network. The main control panel is the brain of the security system which means it needs the best available wire to guarantee the system. While many still have Cat5 cable lying around, it is now considered obsolete with the making of Cat5e and Cat6. The Cat5e is considered enhanced and able to support the fast speeds up to 1000 Mbps which will reduce interference between individual wires inside the cable. The Cat6 can handle 10 Gigabit speeds up to 250 MHz which can support your security network for many years, but the extra shielding does add a lot of weight and bulk to the cable. Either option will provide the necessary support to keep your security system running.
Healthcare organizations have to follow specific HIPAA Privacy and Security Rules on who can look at, receive and share patient health information. Here are some technical safeguards for protecting electronic health records. Locations that house the information within the facility should be restricted to authorized personnel and the hospital should enforce strict visitor regulations to keep unwanted guests out of server rooms. Pin numbers and passwords can also help restrict access at workstations and databases. Facilities can also encrypt their data which means only authorized individuals have the key to be able to read the information.
Change Workplace Culture
One of the most important pieces of patient data that hackers are trying to obtain is Social Security numbers. Many health organizations think they need to store Social Security numbers for insurance, billing and collection, but that is often not the case. Therefore, the healthcare system should start reducing the use of these numbers to help protect patients. This plan can be started by using a universal patient identifier on forms and within computing systems as well as collecting additional data elements to replace Social Security numbers as data points in uniquely identifying an individual. When removing the number is not possible, organizations can mask them on their systems and limit their display to the last four digits as well as redact the number on printed documents and paper correspondences.
Security breaches pose a big challenge for healthcare organizations, so it is important to educate employees on the importance of patient security and continue to remind them of the importance of following procedures with electronic records.