Five Tips to Prevent PHI Breaches From Becoming Your Business’ Achilles Heel

Jay Atkinson
Jay Atkinson

Guest post by Jay Atkinson, CEO, AIS Network.

The recent theft of 4.5 million medical records by Chinese hackers coupled with the news that as-yet unidentified hackers were able to penetrate the U.S. government’s health care portal have ignited consumer concerns about the safety of health care records – and rightly so.  No patient should have to worry that his or her protected health information (PHI) may fall into the hands of thieves.

The medical industry experiences more security breaches than any other U.S. industry today, serving to undermine public confidence in electronic health records and the industry at large. Last year alone, more than 7 million patient health records were breached, up 138 percent over the previous year, according to a February report by IT security consultant Redspin. Theft or loss of unencrypted portable computing devices (i.e., laptops) or digital media containing PHI was the leading cause of PHI data breach, impacting 83 percent of records breached. Unauthorized access and hacking incidents impacted less than 7 percent of records breached.

It’s reassuring to see the industry break new ground in studying security flaws and addressing vulnerabilities.  For example, the Health Information Trust Alliance (HITRUST) teamed with the Department of Health and Human Services (DHHS) last spring to lead CyberRX, a series of no cost, industry-wide exercises designed to simulate cyber attacks on participating health care organizations and help them identify weaknesses in preparedness. Two important findings emerged:

Continue Reading

Health IT Security Breaches: Thought Leader Predictions for What’s Ahead

Security continues to be a major problem in health IT. The coming year will only bring more breaches and problems that must be addressed by those leading their organizations. In 2013 alone, millions of people were affected by breaches.

Breaches can be attributed to something as simple as a stolen device — flash drives and laptops, for example – to unauthorized access or disclosure of information by health system employees. For example, Healthcare IT News recently reported a four-year long breach by a single employee at the five-hospital Riverside Health System in southeast Virginia.

Health IT security issues are only going to get more pervasive, aggressive and encompassing in the years ahead. So, what can we expect as we look ahead? Here are some predictions about health IT security from the industry’s leading minds:

Doug Mow, CMO, Courion

Doug Mow - CMO
Doug Mow

Remaining in compliance with these codes and regulations, like HIPAA, is key from a security point of view for healthcare organizations. Being compliant and ensuring that only the appropriate healthcare staff members and contract workers have access to the information they need to do their jobs ensures that the information remains secure and does not end up in the wrong hands.

Because of the sensitivity of the information accessed on a daily bases within a healthcare organizations and the number of people accessing the information – doctors, nurses, clinical and admin personnel, and contractors – IT security concerns will be slightly different than the highly publicized breaches we read about, like the recent Target breach that originated outside the organization.

Continue Reading