Wednesday, May 16, 2012

Where is the next data breach?


                Data security is an ever-present concern for the health industry. Doctor/patient confidentiality is imperative for medical personnel. Recent changes to HIPAA regulations and the HITECH Act, as part of the ARRA stimulus, have brought the importance of data security back to the forefront of medical concerns.
                In recent years, we have also seen that it is a concern that can never be taken for granted. An analysis from Secmaniac.com on data breaches documented by PrivacyRights.org shows that security breaches in the healthcare industry dwarf the number of breaches from other industries. And those breaches have increased in recent years.
                It is also important to note that these breaches have come from many different directions in many different forms. Magnetic data tapes were stolen from a GRM Information Management Services’ vehicle in New York City; in another situation, a laptop containing medical information was stolen from the Sutter Health Foundation in Sacramento; and health records were downloaded from a server in Utah’s Department of Health. Data breaches can hit close to home, as well. Emory released information about a data breach connected to misplacing 10 backup disks affecting more than 300,000 patients. Unfortunately, these breaches are not unique, either. More than a hundred data breaches with similar stories are found across the country from government offices, hospitals, data management companies, doctors’ offices, and billing companies.
                Just from the scenarios listed above, we see that personal and medical information related to nearly 8 million patients was breached through hacking, thievery, and laziness, and from multiple media (backup tapes and disks, office hardware, and cyber information). These events highlight the importance of security in all manner of data management. Computer hardware should be secured and monitored. Backups need to be stored securely. Old data should be decommissioned in a safe and secure manner. And password management continues to be often overlooked.
                These data breaches can cause lost contracts and lawsuits (as is the case with GRM Information Management Services) and add billions in costs to the healthcare industry as security efforts continue to rise. It is important to note that any company associated with the healthcare industry is at risk. Companies should not allow themselves to relax, thinking that only big companies or hospitals are targeted. Improper data security connected with one backup or one disgruntled employee can leave a company vulnerable to fines and lawsuits.
                The development of a security plan and security controls can be intensive and overwhelming, especially for smaller companies. Kardon Technology provides the assistance required by companies that do not have a fully staffed compliance department to help with the ever-changing data security environment.
                These security and compliance plans help tackle all avenues of breach protection, from basic computer protection through patch management and antivirus control to advanced backup protection (with Managed Online backup) and user control management. And, with the available Risk Analysis, we can monitor known vulnerabilities, as well as identify possible security flaws. Contact us to schedule your complimentary HIPAA/HITECH Compliance Readiness evaluation.
