Anthem Breach Puts Focus on Data Security
Posted On: March 17th, 2015
Senior Director of Product Development, McKesson
The Anthem breach, which affects the patient and demographic information of nearly 79 million people, has shined a bright light on data security practices among healthcare providers.
HIPAA, the Health Insurance Portability and Accountability Act of 1996, covered the privacy and security of health data, but it did not require encryption. The Health Information Technology for Economic and Clinical Health (HITECH) Act – which requires public disclosure of breaches that affect more than 500 people – created an exemption for companies that encrypt their data. Still, it stopped short of imposing an encryption requirement.
The Anthem breach is already reverberating through the industry and likely will leave new security measures in its wake. Although nothing will happen quickly, this incident should serve as a timely reminder for you to review the security of healthcare information and patient data that your organization keeps. And although the Anthem breach did not have a direct relationship to any particular type of data encryption, encryption at various levels of data at rest and in motion is still critical to securing sensitive and legally protected patient data.
We take the safety and security of data very seriously. That’s why McKesson Homecare™ and McKesson Hospice™ support data encryption of information through trusted third party encryption providers and Microsoft Windows’ internal encryption capabilities. We also help organizations safeguard protected health information (PHI) with products like McKesson Homecare MobileCare™, which delivers schedules, directions and electronic medical records to staff using smartphone technology that stores no patient data on a devices whatsoever.
Because McKesson Homecare MobileCare does not store PHI on the device, if a clinician or Aide leaves her phone in a restaurant, for example, someone else cannot use that device to access patient data. Likewise, if an employee quits, login information can be disabled remotely to ensure that the data cannot be viewed by the former employee again.
Timely access to relevant patient information is critical to the home health industry because you deliver care in patient homes. But protecting PHI is of equal importance. Take a moment to review your organization’s security protocols related to organization records and patient information. Are your protocols current? Are they being followed? Are you doing all you can to protect those records?
These are important questions that your organization should be able to answer and to address.
Learn more about how McKesson Homecare MobileCare™ can give your staff secure access to patient data, even while on the go.