The article revealed that the Internet connection serving all Boston-area hospitals is attacked about every seven seconds, prompting Beth Israel Deaconess Medical Center to block about 98 percent of incoming emails, the hospital’s chief information officer, Dr. John Halamka, said.
“Most often, people do this in Eastern Europe and China because they want to use it as a spam relay.” Of much greater concern, Halamka said, is organized crime involving the theft and sale of electronic medical records to people who may use those records to pay for operations and treatment. Other thieves may use the data to falsify drug prescriptions or to steal a doctor’s license number. A single patient’s medical record is worth $50 on the black market, according to a panel of cyber security specialists at the Digital Health Conference held in 2011.
The Ponemon Institute released a survey on this topic in March 2014. That survey found that criminal attacks have surged in the past four years, from accounting for 27 percent of health care data breaches in 2011 to 40 percent this year.
Protecting Personal Health Information (PHI) has become exceedingly complex as health systems convert from paper records to electronic. There are literally hundreds of ways patient information can be compromised and the tools we are provided are generally inadequate to meet regulations as required by HIPAA. (HIPAA stands for the Health Insurance Portability and Accountability Act, a US law designed to provide privacy standards to protect patient’s healthcare information.)
Versio by ScribeRight (Versio) has been in the clinical documentation industry for over 14 years. As CEO, Lisa Pike, has said, “HIPAA is ridiculously strict and incredibly vague.” This strict/vague conundrum has some organizations over-compensating and others not being careful enough, albeit unwittingly. “At Versio, we take PHI security very seriously. Our mission is to ensure that every patient has an accurate health record and that organizations can count on us to keep those records secure,” said Ms. Pike
The Director of Technical Services for Versio, Thom Steinert, shared some thoughts regarding data security.
Q: What do you see as the biggest threat to data security in any organization?
TS: Unfortunately, people are the weak link in security. Much of the time lack of training and awareness is to blame, but even authorized users are subject to being careless.
Q: What are some simple steps to ensuring data security is top-of-mind in the organization?
TS: Develop an in-house awareness program. Broadcast security reminders regularly and plan training sessions to occur at scheduled intervals.
