
Who is Protecting Your Healthcare Records?


How important is a patient's privacy? If your organization is a health care facility, the instinctive answer that comes to mind is "Very important!" After all, a patient's privacy is the foundation on which a doctor/patient relationship is built. Right?

Patient Privacy is in Jeopardy

When it comes to patient data, the real answer may surprise you. According to a study released by the Ponemon Institute, "Patient data is being unknowingly exposed until the patients themselves detect the breach."

Entitled "Benchmark Study on Patient Privacy and Data Security," the independent study examined the privacy and data protection policies of 65 health care organizations in accordance with the mandated Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. HITECH requires health care providers to provide stronger safeguards for patient data and to notify patients when their information has been breached.

Is the Protection of Patient Data a Priority?

According to the study, 70% of hospitals say that protecting patient data is not a top priority. Billing information and medical records are not being protected and are considered most at risk. More significantly, there is little to no oversight of the data itself. Patients are often the first to detect breaches and end up notifying the health care facility themselves.

The study reports that most health care organizations do not have the staff or the technology to adequately protect their patients' information. The majority (67%) say that they have fewer than two staff members dedicated to data protection management.

And perhaps because of this lack of resources, 60% of organizations in the study had more than two data breaches in the past two years, at a cost of almost $2M per organization. The estimated cost per year to our health care systems is over $6B.

Why is this happening?

1. HITECH Rules Fail to Ensure Protection

HITECH encourages health care organizations to move to Electronic Health Records (EHR) systems to help better secure patient data. And, indeed, the majority of the organizations in the study (89%) said they have either fully implemented EHR or plan to fully implement it soon. Yet the HITECH regulations to date do not seem to have diminished security breaches at all, and the Ponemon Institute's study provides a sobering evaluation:

Despite the intent of HITECH rules, the majority (71%) of respondents do not believe these new federal regulations have significantly changed the management practices of patient records.

2. Unintentional Actions are the Primary Cause of Breaches

According to the report, the primary causes of data loss or theft were unintentional employee action (52%), lost or stolen computing device (41%), and third-party mistakes (34%).

It would seem that, with the use of EHR systems, technologies should be deployed to help prevent these unintentional breaches. And while 85% believe they do comply with the loose legal privacy requirements of HIPAA, only 10% are confident that they are able to protect patient information when used by outsourcers and cloud computing providers. More significantly, a mere 23% of respondents believed they were capable of curtailing physical access to data storage devices and servers.

The study lists 20 commonly used technology methodologies encouraged by HITECH and deployed by these institutions, including firewalls, intrusion prevention systems, monitoring systems, and encryption. The confidence these institutions feel in these technologies is also listed, with firewalls as the top choice for both data breach prevention and compliance with HIPAA. Also popular for accomplishing both are access governance systems and privileged user management. Respondents favor anti-virus and anti-malware for data breach prevention. For compliance with HIPAA, they favor encryption for data at rest.

Protecting Data with Encryption Technologies

The study points to the value of encryption technologies for compliance purposes and the prevention of unintended disclosure. This value is perceived as particularly high by those who participated in the study: 72% see it as a necessary technology for compliance, even though only 60% currently deploy it for data breach prevention. This identified need for encryption falls just behind the use of firewalls and the requirements of access governance.

Encryption for data at rest is one of the key technologies that HITECH specifically identifies. An encrypted file cannot be accidentally examined without the appropriate credentials. In addition, some encryption packages, like Crypto Complete, monitor and record when and by whom data has been examined. These safeguards permit IT security to audit the use of data to ensure that if an intrusion breach occurs, the scope and seriousness of the breach can be assessed quickly and confidently.

So how important is a patient's privacy? We believe it's vitally important. And this report from the Ponemon Institute should make good reading to help your organization understand and identify the growing epidemic of security breaches.

Is Your Patient Data Protected?

It might be time to secure your file transfers with a managed file transfer solution. See how Bristol Hospital uses GoAnywhere Managed File Transfer to streamline and encrypt their files, protect patient data, and meet several HIPAA and HITECH requirements.
