Securing Patient Data in a Changing Technology Landscape
Guest post by Michael Howard, worldwide security practice lead, managed services, printing and personal systems group, HP.
As the information technology landscape continues to rapidly evolve, healthcare providers increasingly find themselves faced with new challenges on how to best serve their patients and protect their privacy. The Health Insurance Portability and Accountability Act (HIPAA), which introduced privacy and security regulations in 1996 for providers that use electronic transmission of data, made securing patient data a prominent issue.
If you are skeptical about potential costs associated with implementing a new security strategy in your office, consider this startling fact: According to the Ponemon Institute, the average cost per incident of corporate information theft is $5.5 million1. That number alone should be reason enough for providers to consider upgrading their security protocols. While computers and servers are often the first pieces of technology to be secured within the IT infrastructure, paper documents and printers are often overlooked. With the extensive amount of security offerings available, IT managers can have greater confidence that patient records remain safe. Below are the top three ways that healthcare providers can better secure their print infrastructure:
Store medical records in the cloud
Recent data from the U.S. Department of Health and Human Services indicates that paper still accounts for a large percentage of HIPAA breaches. Between Jan. 1, 2011 through April 15, 2014, 500 patient data breaches have been reported with 203 related to paper (more than 40 percent)2. One easy way to reduce the likelihood of a paper breach – and to save time spent shuttling from one file cabinet to another – is to transfer your hard copy medical records to an electronic health record (EHR) format and store them in the cloud. Securing the paper to digital data process can be a less painful process by implementing a software solution that makes it easy for users to scan documents, convert them to electronic files and then distribute them to predetermined destinations. Not only will you simplify the data storage and retrieval process, but you will also save office space by reducing the need for file cabinets and limit excess paper.
As many healthcare providers are in the process of transitioning from paper to EHRs, it is important to be well informed on what happens to your data once it enters the cloud. Most cloud-based solutions offer bank-grade encryption for data transfer, in addition to highly protected data centers. By saving your EHRs to the cloud, you will be able to update patient records in real-time and reference past prescriptions and treatment plans while in the room with your patient. This promotes more personalized and convenient care and helps reduce duplications and inaccuracies.
Secure your print environment
Your IT environment extends beyond your hardware and so should your security strategy. While firewall and servers are often first considerations for IT managers, the IT environment beyond the network can sometimes be overlooked. Whether you know it or not, your printer is also vulnerable to security breaches. Providers should consider conducting an audit of their print environment utilizing rigorous standards from the National Institute of Standards and Technology, an agency of the U.S. Department of Commerce. This will help you reduce risk across your imaging and printing fleet by implementing necessary security measures.
There are a variety of differentiated software solutions that can help secure your technology. You should consider a solution that provides a comprehensive approach to secure your print infrastructure with authentication, authorization, accounting and secure pull printing tools. This not only keeps data and devices secure, it also helps slash printing costs.
Have you noticed that your employees are using their mobile devices and tablets in the office more frequently? According to the Ponemon Institute, 81 percent of healthcare organizations permit employees and medical staff to use their own mobile devices such as smartphones or tablets to connect to their networks or enterprise systems3. The prevalence of mobile device usage in the office is continuing to rise and, with that, data can be left unprotected. Instead of viewing this as a reason to discourage smartphone usage, view this as an opportunity to adopt a secure mobile printing strategy. By allowing healthcare providers to print securely via a simple touch of their smartphone or tablet directly to the printer, IT managers can ensure data printed through a secure mobile print environment cannot be compromised.
Adopt a simplified user authentication process
Many physician offices and hospitals require employees to use badges to securely enter rooms containing confidential information and medication. It is also common for providers to enter username and password credentials in order to access office technology. In a report sponsored by the International Information Systems Security Certification Consortium ((ISC)²), analyst firm Frost & Sullivan found that approximately 40 percent of companies use authentication methods other than PIN codes when protecting their mobile devices used within their company’s IT environment4. What does this mean for your office? It means that there are a host of access authentication options aside from badges and PINs that you can explore that will not be overly cumbersome or time-consuming. With the introduction of near-field communications (NFC) touch-to-authenticate technology, end users can now enjoy a simplified login process by touching their smartphone directly to the printer in order to release their print job.
Adapting to changes in technology shouldn’t be viewed as a burden; rather, it is a win-win opportunity for the healthcare industry to better treat patients in new and innovative ways while incorporating beneficial business practices. Healthcare providers can easily capitalize on technological advances, but the first step is creating a more secure IT infrastructure.
1 Ponemon Institute, “2013 Cost of Data Breach Survey,” May 2013.
2 U.S. Department of Health and Human Services, “HIPAA Enforcement,” April 2014.
3Ponemon Institute, “Benchmark Study on Patient Privacy and Data Security,” March 2014.
4Frost & Sullivan, “The 2013 (ISC)2 Global Information Security Workforce Study,” March 2013.
Michael Howard is the worldwide security practice lead for managed services for HP’s printing and personal systems group. Howard began his career in the security and high-technology field more than 30 years ago with the U.S. Navy. He has since worked with the Department of Defense and in the private sector before joining HP nearly 15 years ago where he is currently responsible for evolving the strategy for security solutions and services and educates customers on the importance of security policies and procedures for imaging and printing.