|Patient records, like all sensitive data, are under attack from hackers. In early 2013 it was reported that more than 780,000 Utah Department of Health patient accounts were compromised. During the same year, Emory Healthcare reported 10 backup disks missing from a hospital storage facility that contained names, social security numbers and medical records of approximately 228,000 patients.These breaches are not alone; it is estimated that compromised hospital data is costing the U.S. healthcare industry upwards of $7 billion a year. And although your organization and its patients are likely not at high risk, consumers seeing and hearing of these infractions may have concerns.But, you can help alleviate those concerns and build trust in your organization’s security with improved processes and communication. By being aware and ready to answer questions related to medical identity theft and data hacking, your patients will be able to relax knowing their data is in good hands.|
Keeping patients safe
As a healthcare provider, there are measures you can take to reduce the risk of medical hacking and in turn, ease the minds of your patients.
- Enforce security policies: It is of utmost importance to have solid security policies and procedures in place to prevent data breaches. However, a policy alone doesn’t guarantee adherence. Compliance is a must in order to stay one step ahead of hackers. Hold regular, mandatory data safety training sessions for all employees. Encourage Q&A afterward by using “Safety” stress relievers as a reward for those who participate. Utilize training to develop a list of your organization’s top five security reminders, imprint them on static decals and distribute one to each employee for displaying at their workstation as reinforcement.
- Amp up security: Investing in security enhancements is money well spent. The use of biometric devices such as iris scanners is expected to increase 20 percent a year over the next three years. Biometric devices recognize people’s physical traits ensuring patients are who they say they are. And they’re not just for the likes of James Bond or Ethan Hunt—iris scanning units can be purchased for only $200 to $300. Thinking of implementing this at your practice? Get patients on board by explaining the security benefits. Make it fun and encourage participation with rewards for those who partake in this techy practice. A pair of spy-approved sunglasses or a secret agent bracelet USB make great choices.
- Maintain tight controls: Establishing tighter controls over medical devices allows for easier risk assessment and the detection of potential security breaches. Controls can include centralized inventory systems, monitoring software and strong authentication controls. Be ready to communicate the security measures you have in place—handouts that promote the safety of medical devices and the security practices you are following can help ease minds. Keep the handouts together with a clip imprinted with your contact information in case there are further questions or concerns.
- Empower patients: Empower your patients to protect their own identity. Remind them to monitor their health records closely. Stress the importance of closely examining explanation of benefits and invoices, and don’t forget to emphasize the importance of safeguarding insurance cards, office visit summaries and other health plan correspondence. A pamphlet on preventing identity theft may be a great office visit takeaway.
As hackers get smarter, healthcare organizations need to stay one step ahead. Strong policies, tighter controls and sound security practices can keep your patients, their identities and their medical information safe and secure.
Kleyman, Bill. “Healthcare data breach prevention: Taking a preemptive stand.” HealthITSecurity.com. N.p., 09 July 2013. Web. Retrieved 16 Jan. 2014.
Kloeffler, D., Shaw, A. “Dick Cheney Feared Assassination Via Medical Device Hacking: ‘I Was Aware of the Danger'” Abcnews.com. N.p., 19 Oct. 2013. Web. Retrieved 16 Jan. 2014.
Hallam, Kristen. “Biometric Technology Combats Medical Identity Theft.“ Businessweek.com. N.p., 9 May 2013. Web. Retrieved 16 Jan. 2014.
“6 Ways Health Care Providers Can Reduce Medical Device Security Risks.” Deloitte CIO – WSJ. N.p., 05 Nov. 2013. Web. Retrieved 16 Jan. 2014.