Healthcare facilities are a treasure troves of sensitive data for cyber criminals. As more hospitals and medical offices convert their data storage to an electronic personal health information format, they become more vulnerable to data thieves seeking patient Social Security numbers, addresses and medical information. While electronic records has significant advantages as a filing system, until healthcare providers start taking their security seriously, patients’ sensitive information will be at risk.
IT investments in healthcare
Brian Eastwood, senior editor for CIO recently examined The Privacy & Security Forum presented jointly by Healthcare IT News and the Healthcare Information and Management Systems Society, and found that IT spending accounts for less than one percent of many health organizations’ budget. In comparison, companies in other industries allot as much as 12 percent of their spending toward IT resources. If the price of enhancing data security measures is discouraging healthcare providers from doing so, the cost of neglecting data protection could be far worse. At the Privacy & Security Forum it was noted that rectifying a significant security breach could cost an organization up to $3 million. That number doesn’t take into account any fine the federal government may levy against the offending hospital.
Mobile device security concerns
The forum also cited hospital administrations’ adoption of Bring Your Own Device policies as a growing security concern. While staff members may enjoy the increase in productivity, they should take caution when engaging sensitive patient through mobile devices. Options for maintaining an acceptable level of security while still employing a mobile device policy include creating separate networks for personal device access and sensitive data storage, utilizing application control and using filters to detect and flag electronic records in hospital emails.
Protecting patient privacy and security
The move to electronic personal health information records in the healthcare industry has largely been a cause for celebration, but it’s not without its own set of challenges. As long as hospitals act as storage facilities for large swathes of sensitive patient information, they will be targeted by cyber thieves. Hospital administrators must make data security a priority and take steps to ensure the safety of patient records.
Are hospitals doing enough to protect their patients’ privacy and security? Should patients be worried about who has access to their medical records? Tell us what you think in the comment section below!