The long reach of litigation has grabbed onto every element of the healthcare industry, creating something of an arms race between prosecutors and medical clinic administrations. As technologies, such as electronic health records, keep growing and moving, new issues can be unveiled and exploited. Patient confidentiality, for example, has become significantly more complicated to protect than it was 20 years ago. That doesn’t change the fact that federal and California law allows patients to sue doctors and clinics for failing to take reasonable measures to protect their confidential information. This means it’s more important than ever before for healthcare facilities in California and throughout the nation to implement security systems that protect their patients’ information.
2015: The Year Anthem Was Left Unshielded
Just what makes your servers so desirable to unauthorized eyes? The information in patient records is rare in its comprehensiveness with regard to personal information, including financials. Just ask Anthem, whose 2015 breach compromised more than 80 million patient and employee names, providing hackers with precious details like their income information, Social Security numbers, and birth dates.[1] Or, in other words, just enough information to sign up for, say, a credit card in their names or to publicize their medical history. While it cost Anthem well over $100 million (with estimates up to $16 billion), the lifetime of weakened security against identity theft for the 80 million people should not be understated. An excerpt from a lawsuit against UCLA Health has this to say: “Of all possible forms of identity theft or identity fraud, medical theft is arguably the worst and most permanently harmful from the victim’s perspective.”[2]
Some 4.5 million patients were affected by that data breach.
There are a number of ways to protect yourself and your business here. With the rapid developments in technology, there are no solutions that will be indefinitely foolproof. Taking the proper steps, though, leaves evidence for regulators that you’ve taken every reasonable measure to protect your clients’ data. Additionally, the presence of those layers of security will reduce the impact of a breach if it does happen.
Making a Difference From the Ground Up
You know that there’s room for improvement in network security. That’s true for any company. Even here at DiamondIT, we’re constantly looking for ways to improve our own security. But, let’s look at some things that can be done right now that will put your clinic in a better position. First, all of your employees need to be on the same page. They need a baseline understanding of the important security risk factors that come with your line of work. There are many common ways that employees can create access points for identity thieves, and it does not take much to emphasize to your team that you’re taking patient and employee confidentiality very seriously.
The data management tools you have are likely to be as powerful as any you’ve worked with in healthcare. That’s simply the direction the software is headed in. With that, there are some advanced ways that you could tweak processes to significantly increase efficiency between devices and staff. When employees get excellent training and a strong security blanket like DiamondIT behind them, it lets your staff focus on what’s really important.
How to Spot a Secure Network
How can you tell if your network setup is operating in a way that will protect your patients’ and employees’ identities and protect your litigation defense fund? First of all, a common characteristic of secure facilities is that their data are stored in an encrypted and protected place, often a remote one such as a cloud server. Other qualities include:
- All devices in the system are efficiently networked to roll out updates comprehensively.
- They receive an outside-party network assessment at least once a year.
- Regular staff training is provided so all are able to recognize phishing scams and other social-engineered breach attempts, and they learn best practices.
- A plan is in place to quickly identify and remediate a breach. While documenting the efforts to protect data is important, having a plan to minimize and communicate a breach can be just as important.
The protection of data in a clinic is, of course, a moving target as technology changes so much every year. DiamondIT invests a lot of time and money in training its staff in the latest technologies as well as relevant changes in the law so that clients get the best possible protection. A large part of security is knowing what areas need to be checked for security flaws and keeping pace with the technology developments. Much like the need for new flu shots every year due to the constant changes of seasonal influenza’s makeup, we are constantly developing and sourcing new treatments for whatever viruses may attack our clients’ systems. It’s time to take your medicine; reach out to DiamondIT and let’s get started.
1. “11 Data Breaches That Stung US Consumers,” Bankrate, http://www.bankrate.com/finance/banking/us-data-breaches-2.aspx
2. Jennifer Able, “Class-action suit filed against UCLA Health over patient-data security breach,” Consumer Affairs, https://www.consumeraffairs.com/news/class-action-suit-filed-against-ucla-health-over-patient-data-security-breach-072315.html