Government agencies and large businesses are the usual high-profile targets of cyber attacks, but they are far from the only ones who can be at the center of a cybersecurity breach. Hospitals and other healthcare providers are increasingly finding themselves dealing with data security issues. According to Privacy Rights Clearinghouse, more than 150 breaches at medical institutions this year have unnecessarily exposed more than 646,000 records.
One of the latest breaches of medical information occurred at Temple Community Hospital in Los Angeles. On July 3, a computer containing the CT scans of about 600 patients was taken from the hospital, the Los Angeles Times reported. The computer files contained information such as patient names and hospital account numbers, but no personal account information, Social Security numbers, credit card numbers or other financial indicators, according to the hospital.
While Temple Community Hospital said it had backup files for all of the information contained on the stolen computer, it has made no mention of whether the sensitive data had been encrypted.
“In order to prevent an escalation of data breaches, it is essential for federal and state governments to develop stringent standards to ensure encryption of private health information,” Erica Cohen, a third-year law student at Drexel University’s law school concentrating in health law, wrote in an August 31 blog post for Philly.com.
By encrypting data stored on computers, a healthcare organization can more reasonably ensure that information will remain safe even if a device containing medical records is lost or stolen. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is the U.S. law that requires healthcare providers to take certain precautions to protect patient data. The U.S. Department of Health and Human Services has issued guidelines for encrypting healthcare data and has strongly encouraged the use of encryption. Using encryption also reduces the need to notify affected patients in the event of a breach.
Should encryption of data be a requirement for healthcare providers’ layered security measures? What application control measures should all hospitals be forced to include? Leave your comments below to let us know what you think!