Here’s what we know. In the Anthem hack, it is estimated that approximately 80 million records were stolen. The Anthem hackers stole information of both employees and customers, which included names, address, emails, birth dates, medication history, employment details, family relatives and more. But while most hackers steal financial data for spending sprees – these hackers had next-step intentions with the stolen data serving as the basis for phishing emails with attachments for the purposes of installing malware using their official email accounts, gathering even more personal information, and then it was propagated across entire networks. So now what?
Know the facts. According to Privacy Rights Clearinghouse, up until Anthem, since 2006, about 6.6 million records have been exposed from 79 medical-related breaches of hacking or malware type. Last year, Community Health Systems Inc. announced a large data breach of its health system compromising data for 4.5 million patients and now Anthem at the 80 million mark. Attackers like targeting EHRs because the records are highly profitable compared to other forms of information. For example, each credit card data is valued about $1 in the black market. However, according to various sources, a partial or complete EHR can generate $50 to $100 on the black market. The high price is because of the healthcare data includes personal identity information and sometimes carries credit card information along with insurance and personal health information. So, while financial information can be tracked and secured following a breach — the healthcare information cannot be as easily tracked and resolved.
Current mandates. Every EHR provider should safeguard data and information with HIPAA-complaint communication protocols, 128-bit encryption and public key authentication. As per the HIPAA norms of strong grade encryption and authentication, providers should meet all the regulatory requirements enabling security and confidentiality. Scheduled backups of the data are essential to keeping records and information from being lost or destroyed.
Given the tremendous and on-going changes currently taking place in health IT, especially the recent delay in ICD-10, and the ever on-going issues surrounding meaningful use, we remain in a turbulent, yet revolutionary time in the industry. As changes continue to come and behaviors, habits, further reform is activated and enforced, there will only be more of a focus on where we are headed from a technology standpoint.
Given the multiple balls health IT leaders are currently juggling and the rapid changes they are facing from new technology and managing tools that were once thought to be saviors of the sector – patient portals come to mind – I and they are left to wonder what’s next for health IT. With that lingering question, I asked a few folks working directly in the space what they think will occupy the minds of health IT leaders for the short term.
The delay in ICD-10 implementation was met with equal parts relief and frustration. As the healthcare IT industry is evolving, government and regulatory authorities have come up with several certifications to enhance the quality of care for patients. For example, meaningful use incentives have created an artificial market for dozens of immature EHR products. Many EHR vendors have been preoccupied with backlogged implementations and have neglected the usability and innovation of their EHR products. Most concerning to current EHR users are unmet pleas for sophisticated interfaces with other practice programs and complex connectivity, pacing with accountable care progresses and the rapid EHR adoption of mobile devices. Many popular “one size fits all” EHR products have failed to meet the needs of several medical specialties.
Distracted by the process of certifying their EHR products for Stage 2 of meaningful use, not all software vendors have been able to deliver on their Meaningful Use 2 promises to anxious providers; 40 percent of the practices are replacing their EHR systems, as their current systems are cumbersome to use, not integrated, not able to meet regulatory compliance, outdated, have interoperability challenges, inefficient customer support, lacks specialty specific workflow and are not mobile enabled.
Stacy Leidwinger, vice president of product marketing, RES Software
A top concern in healthcare right now is securing patient health records. Although the clinical details themselves contain little financial value, the records contain personal patient details that can easily result in stolen identity or credit card information.
In the US, nearly 3 trillion dollars per year is spent on healthcare, which translates to everyone from physicians and pharmacists to well-organized crime syndicates targeting healthcare, usually through the use of stolen patient records and identities.
Two of the weakest points in healthcare security are 1) people tending to underestimate security risks, therefore, becoming vulnerable to social engineering, and 2) the fact that endpoints can’t be physically secured in many cases while continuing to provide needed value. Patients need to take a more serious approach in choosing a healthcare organization by making it clear that they “trust” their provider.