Why It’s Important to Keep Your Medical Office IT Secure
Published March 18, 2017     |     Written by Robert Harrington
Prior to today’s tech boom, recordkeeping was done by locking papers away in cabinets inaccessible to unauthorized individuals. Keeping patient records confidential was literally done through lock and key. With today’s technology, it’s even more important to keep patient records confidential so as not to breach the patient-doctor privilege.
With the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) in 2009, hospitals and health care providers were mandated to adopt electronic health records (EHR). By 2015, doctors and health care practitioners were instructed to avoid the use of handwritten charts, and fully switched to an electronic medical record system.
This process brings about a whole host of new challenges in preserving patient confidentiality.
Advantages of EHRs
The new law does have its advantages. According to a study by Therry, Thorpe, et al (2008) for the US National Library for Medicine, some benefits of the EHR include:
- Efficiency: no need to look for patient’s physicals charts, just look them up on the database
- Easier collaboration between healthcare professionals: whether for patients who frequently transfer hospitals or have multiple doctors, to gathering data for research studies
- Decreased medical errors
So, why is a tech person talking about the advantages of the medical industry? Because without proper technology, you could be putting your medical office at risk. Despite the advantages, it is imperative to protect patient data from the most nefarious of culprits; hackers.
Medical Office Hacking
Several people have authorized access to a patient’s medical records including: doctors, nurses, billing officers, database administrators, and office staff. Patients usually have access as well, via online portals.
But like germs a hospital aims to treat, this information may spread and cause problems. The US Department of Health & Human Services has reported 116,000 data breaches in 2009, when the law was first enacted – affecting about 31.3 million people.
In April 2014, health care provider, Community Health Systems, experienced a breach affecting 4.5 million individuals, stealing “nonmedical patient identification data.”
Why Hackers Love EHRs
The biggest reason hackers love EHRs is the value of the data contained therein. Hackers can use personal data obtained to claim medical benefits, file illegal tax returns, commit identity theft, or even blackmail patients. EHRs are 10x more valuable than credit card information on the black market, according to a Reuters report.
Another factor that makes EHR a prime target is the lack of awareness among healthcare institutions. Many do not have enough experience protecting data, because they are busy helping their patients live happier, healthier lives. There is a lack of cybersecurity professionals in the healthcare industry.
How Hackers Gain Access to Medical Data
Many hackers get access via ransomware. This infects computers in the network, and encrypts files, making them inaccessible to the intended user. Similar to kidnapping, hackers ask for a ransom to unlock the data. Most EHRs lack basics like antivirus or firewalls, and many fail to update their systems regularly.
What You Can Do to Protect Medical Office IT
Patients are entitled to know how their health records are secured under HIPAA (the Health Information Portability & Accountability Act). If their information is not secure enough for their liking, Rachel Seeger, spokeswoman for the HHS Office of Civil Rights, goes as far as to recommend that they change doctors.
For health care providers. Take the following steps to keep your records secure:
- Invest in a reputable EHR vendor that will work with you closely to secure your system
- Invest in training your employees on how to properly utilize your records system
- Establish proper user logins and verification of authorized users
- Perform periodic audits to check for any security breaches or identify weaknesses
- Encrypt patient data
If that sounds like too much to handle, consider investing in professional managed IT services that can do that for you after the EHR vendor has installed the system.
Besides the health of your patients, medical record safety should be a top priority for healthcare providers. It is not enough to ensure that your patients are healthy – make sure your systems are safe from hacking or misuse. It is everyone’s responsibility to keep this information secure!