The U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA) defined national standards to ensure the privacy of patients’ medical records and personal health information.
Healthcare Data Security
In August 2017, the HIPAA Journal cited measurable breaches in data security for the healthcare industry. Some of the findings revealed:
[B]etween January and June 2017, there have been 233 reported data breaches. Those breaches . . . impacted 3,159,236 patients. The largest reported breach in the first half of the year resulted in the theft of 697,800 records and was caused by a rogue insider, 1 of 96 incidents involving insiders. Out of those 96 incidents, 57 were due to insider error (423,000 records) and 36 incidents due to insider wrongdoing (743,665 records).
This disturbing data implies outside/hacker breaches are less of a threat than non-compliant behavior by your own employees.
Minimizing Risk: Healthcare Security Data Breaches
It is up to your organization’s IT staff to minimize security risks involving equipment that utilizes the latest technology, which includes mobile and off-site access to patient data (such as cardiology and pulmonary diagnostic test results). Epiphany’s engineering team has tested our application and put processes in place to prevent healthcare security data breaches.
What You Can Do
- Apply data encryption to active and inactive data.
- Control and monitor all log-ins; train users to log off when not using applications.
  - Epiphany’s Cardio Server has a customizable, automatic log-off feature to protect PHI.
- Educate employees and make them active participants in your program to reduce security breaches.
  - Regular security training and awareness serve as constant reminders to stay on guard and remain skeptical of phishing scams (suspicious emails or phone calls requesting information).
- Deploy applications that provide comprehensive HIPAA logs.
- Put firewalls in place to control employees’ access to at-risk websites.
- Use secure application programming interface (API) technology with authentication and encryption; all points of entry into the system should be tested and documented.
- Offer secure, remote access to information for physicians.
- Enable secure, single sign-on using Active Directory.
Epiphany and its products align with best practices for today’s security standards. Read our Information Technology FAQs to learn more about ways we can work together to minimize healthcare security breaches.