Blog

Data Security Challenges of Healthcare Facilities

by Paul Kazlauskas

The healthcare industry has experienced more data breaches than any other industry segment over the last 3 years. When you hear the phrase “patient safety”, you likely don’t think about data security. However, when a patient enters a hospital, medical center, or doctor’s office, their personal health information is at risk (address, DOB, private medical records, etc). Most healthcare organizations have 2 factors going against them that make them susceptible to data security losses. Unfortunately, both are only rising in significance.

The first issue is the presence of a healthcare workforce that relies on mobile technology. Institutions should recognize that they need to protect the data that is on devices AND data that is being transmitted to other places around the world. Healthcare facilities need to consider regulatory security and privacy compliance. Healthcare workers that deal with private health information need to be educated on the challenges of data protection, especially actions to avoid. Facilities need a mobile security roadmap so security and mobile user-enablement are on the same page. Working on a mobile device brings great convenience and efficiency to the healthcare floor. However, those positives would be quickly wiped away with a data breach that could have been prevented with education. Mobile security policies include implementing encryption for facility data on all devices and mandating that only trusted devices access the network via a virtual private network (VPN).

The second issue that healthcare facilities face with regards to data security is the value of private health information. A patient’s healthcare record is complete and total. There aren’t any missing pieces of information or the need for hackers to go someone else to find a pertinent detail or two. This makes healthcare records very attractive to would-be-hackers when trying to steal someone’s identity. Some analysts estimate that private health information of a person is 50 times more valuable than their credit card information. This is not good news in terms of identity theft.

Healthcare facilities must recognize their potential data security issues. They shouldn’t feel that “good enough” is good enough. An organization must be in a constant state of assessment, analysis, and mitigation of potential risks. These tasks should be accomplished by someone other than the person responsible for the maintenance of the security program. An independent review will provide an unbiased, neutral point-of-view. Should the worst case scenario occur, a healthcare facility shouldn’t underestimate the impact of a security data breach. The cost of a single breach includes security program remediation, identity theft insurance, legal costs, civil lawsuits, and a loss of trust in the institution which hurts their ability to acquire new patients.

The old Ben Franklin quote holds true, “An ounce of prevention is worth a pound of cure”. Every dollar spent on developing and maintaining a robust data security program should be internally considered money paid into an insurance program of potential liability reduction.

Want the latest, best security practices delivered straight to your inbox? Enter your email address in the "Subscribe" area (on the left side navigation).

Download Free Whitepaper ›  
Our exclusive "Guide to Choosing a Visitor Management System"

Follow us on Social Media for more security content.
      

Posted on 8/4/2015