Thieves Are Lurking, so Protect Your Privileged Data
Posted On: April 12th, 2016
Product Support Director, Change Healthcare
What steps are you taking within your home care organization to protect sensitive patient information? Amid all of the regulatory and reimbursement changes that are altering the delivery of home health and hospice services in fundamental ways, I understand how data security can slip in importance. But cyberthieves are hard at work trying to steal your data.
On the black market, a medical record is worth $10, 10 to 20 times what a credit card record will fetch. That’s because a medical record usually contains patient Social Security numbers, which can be used to open up new lines of credit.
And then there’s the sneakiness factor. While consumers are likely to know if their credit cards have been stolen or see charges they didn’t make on the next credit card statement, they aren’t as likely to monitor their medical information. In many cases, they can’t anyway, so thieves and hackers can plunder nearly at will.
You might be thinking, “My organization is too small to have to worry about a cyber attack.” But you’d be mistaken. From January 1, 2016, to mid-March, 28 healthcare organizations or business associates had reported data breaches of 500 records or more to the Office of Civil Rights’ (OCR) breach portal. Those affected included a handful of hospitals, physician practices, imaging centers and pharmacies.
Of those breaches, one-quarter were classified as thefts, and another quarter were the result of hacking or other IT incidents – so fully 50% of all breaches could have had malicious intent. Any organization that hosts patient medical records could be vulnerable. Working through a breach can be expensive, not to mention the potential loss of credibility among your patients and referral sources if not handled with the utmost care.
According to the Ponemon Institute’s 5th annual privacy and security report, criminal attacks are the No. 1 cause of data breaches in healthcare. Breaches have been reported by 90% of healthcare organizations and 60% of their business associates. Since 2010, nearly eight in 10 healthcare organizations have reported more than one breach.
So let this be a wake-up call to your organization. Data security is critical for your network servers, the software that runs on them and for the laptops that field staff use. Make sure that home health software is current and has been properly updated. Retrain your staff about the importance of protecting privileged data, for the sake of patients and for the organization. And if you are unsure the steps you’ve taken are adequate, do not hesitate to reach out for assistance.
Although the Health Insurance Portability and Accountability Act (HIPAA) was passed 20 years ago this August, its tenets still ring true. Protect your organization, its reputation and your patients by making data security a priority.