The U.S. Department of Health & Human Services had instituted The HIPAA Privacy Rule in the year 1996 laying down a list of rules and guidelines intended to protect the personal health information of patients. To remain compliant with these regulations, all hospitals and healthcare organizations are taking the necessary steps to protect their operations from data breaches. Even as medical institutions have been adopting the latest of software and applications to protect their records, hackers seem to remain a step ahead.
According to the data released by the 2017 “Cost of Data Breach Study” by the Ponemon Institute in conjunction with IBM Security and the Privacy Rights Clearinghouse, the healthcare industry continues to be the most susceptible to data breaches. In the year 2017 alone, close to 60% of security leaks or 328 breaches occurred for a cost of around $1.2 billion in this sector alone.
Experts are Conducting Studies to Understand the Causes
Should you check out the results of research published by the American Journal of Managed Care (AJMC), you’ll learn about the findings of a team headed by Meghan Hufstader Gabriel, Ph.D. from the University of Central Florida. These results clearly point to the need for secure data destruction protocols that all medical institutions should adopt.
The report in the AJMC says, “Even with sophisticated health information technology (IT) systems in place, security breaches continue to affect hundreds of hospitals and compromise thousands of patients’ data. This gives cause to believe that other hospital factors, such as area characteristics, region, bed size, health system membership, hospital type, hospital governance, and market concentration, may play a vital role in breach risk.”
The researchers also found, “Hospital unit computers are easy targets because they contain patient and staff information, such as referral letters, nursing reports, patient charts, audits, handovers, and staff sick leave lists, directly on the desktop.”
Efficient Disposal of the Media Could be the Key to Preventing Data Breaches
Managing Paper Documents
While most hospitals are now relying on digital media, a lot of the information used to treat patients is in the form of hard copies of documents. To secure them, hospitals may have to use more efficient methods. Once the documents are no longer needed, they should be entrusted to a certified company that provides secure disposal solutions that are also eco-friendly. For instance, paper documents must be converted into shreds and later, pulped and reused so that the information is impossible to retrieve.
Managing Diagnostic Films
X-rays and films of the diagnostic tests conducted on the patients can also prove to be potential channels for data breaches. Like this article on Researchgate explains, disposing of them needs advanced methods so that the soluble silver and lead content does not make its way into the ecosystem. But, at the same time, the media must be secured to prevent misuse.
Managing Computers, Laptops, Cell Phones, and Tablets
To safeguard information stored on computers from data breaches, hospitals must institute regulations where all workers must use procedures like the two-step authentication, and usernames and passwords. Such organizations can also include biometric identification solutions such as gesture, fingerprint, and voice recognition to prevent data breaches.
But, over time, devices become obsolete and organizations need to discard them. The Hard Disk Drives (HDDs) or Solid State Drives (SSDs) contained within the devices can become a security threat if they are not wiped properly. Read this feature on ZDNet, and you will learn how the information stored in them can be retrieved by hackers and used to demand ransoms from the owners of the devices. Worse, the data can be sold in the open market for large sums of money. To prevent such instances, hospitals must ensure that the HDDs and SSDs are removed and shredded before the devices are sent to recycling plants.
Managing Hospital Workers
Given that healthcare organizations have a large number of employees working in them, the threat of data breaches becomes even more significant. Both human error and malicious intent can leave patient records open to hackers. Careful screening before hiring can potentially prevent wrongdoers from entering the organization.
To protect them from data breaches, hospitals need to continually upgrade their security systems and remain updated on the newest strategies being adopted by hackers and cybercriminals.