Privacy breaches have been escalating in the healthcare industry at an alarming rate. Last year alone, more than seven million patient health
records were breached. Industry experts estimate the annual cost of those breaches to be over $5.6 billion.
In order to protect patient privacy, hospitals have been focusing their efforts on external intrusion detection and hard drive encryption. But in
doing so, they have been overlooking a far more insidious and growing problem: internal breaches by their own staff and extended care partners.
With the healthcare landscape shifting to integrated care and population health, hospitals are particularly vulnerable to internal breaches. In addition to a fluid workforce of new clinicians, interns and residents flowing in and out of the organization and roving from one workstation to another throughout the day, hospitals now need to share data outside their four walls in alliance with other providers and physician groups coordinating care as patients transition from hospital to clinic to home. The problem is compounded further by the accelerated consolidation of hospital entities through mergers and acquisitions. This confluence of factors is causing an exponential rise in the risk of unauthorized access andinappropriate use of confidential patient data.
To prevent compromising patient privacy and security, hospitals need to be looking at tools that can help them better identify and credential this widespread community of users and tightly control their access to an exploding volume of medical information. The balance is by necessity a delicate one. On the one hand, hospitals need to establish strong protocols to protect patient records and clinical applications from unauthorized use. On the other hand, caregivers need quick and easy access to their patients’ records and clinical applications to expedite quality care. This puts hospitals under enormous pressure to institute simple, yet secure log-on procedures that enable efficient navigation between clinical applications and patient data.
This white paper presents hospitals with ways they can balance the need for extended care teams to have rapid access to complete patient data with the need to safeguard patients’ privacy. This holistic strategy encompasses deploying IT tools to credential users and control their access to data, instituting best practices and elevating security initiatives to executive-level status in the organization to help foster a culture of security-conscience users.
