By Mark Hickman, COO, WinMagic
Given the rise of mobile computing and bring-your-own-device (BYOD) policies in healthcare, today patient data resides everywhere – desktops, laptops, smartphones, tablets and USB drives.
Gone are the days when personal health information lived solely in a giant filing cabinet. Although this shift has improved communications throughout the system, the once straightforward process of protecting a patient’s private health information has evolved into a complex and overwhelming undertaking.
According to recent industry research conducted by Ponemon, an independent institute for privacy, data protection and information security policy, 91 percent of healthcare organizations and 59 percent of their business associates have had at least one data breach involving the loss or theft of patient data in the past 24 months. This rise in data breaches doesn’t seem to be slowing down. In fact, the Office of Civil Rights (OCR) reported that 2015 saw 253 healthcare breaches that impacted approximately 500 individuals, totaling a combined loss of over 112 million records.
When we refer to personal health information at risk, we’re not just talking about historical health records – the potential for a data breach casts a much wider net, including patient billing information, clinical trial data and even employee information like payroll numbers. With so much sensitive, unprotected data up for grabs, we’re inclined to ask ourselves – why?
Why does this keep happening, and what can we do to fix it?
Although there is no “quick-fix” solution to this growing problem, there are actions healthcare organizations can begin to take now that, over time, will help solve the data breach problem.
1. Encrypt everything
Experts believe personal health information (PHI) is such an attractive target because of the high profitability of the personal and financial information contained within medical records. As a result, health providers should practice both “encrypt everything” and intelligent key management, and the two must be handled separately. Isolating the encrypted data from the encryption key means that a compromise of the stored data does not by itself expose the information it protects.
2. Enforce policies on lost or stolen devices