Guest post by Brett Meyers, senior business analyst and ECM product lead, The Gordon Flesch Company.
In the wake of the recent Ashley Madison hacking scandal, cyber breaches have become a hot-button issue. Poking fun at high-profile people caught in the midst of a scandal has nearly become a national pastime in recent years, but the hack itself is no laughing matter. After all, just six months ago, a data breach at Anthem, Inc. revealed as many as 80 million records had been exposed during what the company characterized as a “very sophisticated external cyber attack.” Certainly, no one was laughing then – not the millions of people whose birth dates, Social Security numbers, addresses and income information were exposed – and certainly not Anthem, which now faces dozens of class action lawsuits. The costs may include millions of dollars in damages and a major hit to the insurance company’s brand and reputation.
One lesson these two very different breaches brought home is that businesses of every type and size are vulnerable to cyber attacks and identity theft. If Anthem were the only health-related business to have been hacked, it would still be a disturbing event; but in fact, the U.S. Department of Health and Human Services maintains an entire website devoted to healthcare-related data breaches of 500 or more records. So far, there are more than 1,300 cases on file, with targets that include individual practices, university-based research facilities, public and private hospitals, and major insurance companies.
In 2012, the U.S. Department of Justice’s Bureau of Justice Statistics reported that 7 percent of the U.S. population 16 and older had been the victim of identity theft, and direct and indirect losses that year amounted to about $25 billion. That’s staggering. What’s even more alarming is that about one-third of those victims spent weeks or months trying to untangle the financial mess long after their information was stolen.
It’s easy to think the impact of identity theft is limited to financial implications, but the government report had one more startling bit of data revealing just how far-reaching the effects of a data breach can be on its victims. According to the data, “Victims who had personal information used to open a new account or for other fraudulent purposes were more likely than victims of existing account fraud to experience financial, credit and relationship problems and severe emotional distress.”
When it comes to managing health records and maintaining the integrity of your data and the confidential information entrusted to you by your patients, a robust and adaptive enterprise content management system is absolutely critical. It’s true, the shift from paper records to electronic systems has made healthcare much simpler, but it’s also true that by placing data on the information superhighway, you risk exposing that data to hackers. That makes selecting an enterprise content management system one of the most important decisions you’ll face at your healthcare organization. Leaders who fail to take their management systems seriously expose themselves and their patients to significant financial loss, as well as a host of other potentially devastating side effects.
One of the best ways to select an enterprise content management system is to begin by establishing your own guidelines for the handling of sensitive patient and personnel data, including who has access and where the information resides. Even though these answers may seem simple and straightforward, written policy can help expose gaps and emphasize the very serious nature of patient confidentiality when it comes to records management.
It’s also important to select a system that’s established and has the resources to respond to security threats as they emerge. For professional hackers, breaching sensitive data records is a full-time job; these breaches are not random operations that occur in dimly lit back rooms. They are carefully orchestrated campaigns developed by skilled computer experts who are constantly on the prowl for new techniques to overcome security measures. A company that takes proactive steps to combat and address emerging threats and shore up potential system weaknesses will stand out when you’re comparing enterprise content management system providers.
And finally, once you choose and implement a system, it’s imperative you revisit your security plan and update your system regularly, ensuring your system receives upgrades and that you’re aware of new product enhancements. Maintaining patient confidentiality requires a vigilant eye, and the knowledge that your enterprise content management system is equipped to handle the task. This simple step provides a huge measure of peace of mind – for both your practice and your patients.