Epic HIPAA Fail: Hospital Breach Exposes Sensitive Data

How safe is your medical information? Nothing that would be giving you sleepless nights, right? Well, think again: you may be at risk. Over the years, we have been placing a lot of our information online. This includes a lot of our medical records and data about ourselves. What if this was stolen or fell into the wrong hands?

Alomere Health, a non-profit hospital in Minnesota, recently declared that it had been attacked by cyber criminals, resulting in a security breach that exposed the personal and medical data of over 50,000 patients. How was this possible? The access points were two employee email accounts that were hacked. While they claim that they are well prepared and have been extremely cautious about their online security for years, simple email reviews and attachments in these two accounts led to the exposure.

The threat that this brings about is immense in today’s world. To think that all of your data could be in the email of a hospital employee is one thing, but to think that it is unprotected is a completely different problem. Sensitive information of this kind can be a problem of enormous proportions not just for the hospital, but also for its clientele.

Patient portals are meant to secure communication between patients and health care professionals; monitoring email activity and educating employees could be the first step towards protecting their data.

This is not the first instance of such an attack either. While it is not always possible to avoid malicious access, data protection is needed when processing and storing sensitive information like health care records. Reports have suggested that the health records of more than 1 billion users have been at risk because of non-compliance with HIPAA regulations. The first and foremost reason for this is that most healthcare facilities believe their data is isolated on a private cloud, which is blatantly unrealistic. In practice, it is globally accessible, which leads to higher risk. In fact, health care is the number one at-risk sector for cyber criminals around the world. The most commonly mentioned reason for medical image and data leakage is network configuration. No system that handles sensitive information should connect to the internet unless a VPN or another strong method of authentication or security is in place.

Security experts in the health care industry are not only adding layers of security to their ecosystem, but are also increasing educational sessions for their staff so that such risks can be minimised. Many experts are looking at robust systems to block access points not only to data but also to anyone who can allow access to a third-party application. Since all of this data travels in data packets, it has to be stored in the most secure manner, with systematic logs on access points.

Come to think of it, would there not be a better way for hospital staff to secure the data that they hold? HIPAA compliance is the answer.

The Health Insurance Portability and Accountability Act is a US law that was passed to safeguard data and to keep it out of the wrong hands. Implementing such compliance is the easiest way to keep yourself protected from such threats. There are five main approach points to HIPAA and these are:

– HIPAA Title 1 makes it easy for you to maintain coverage when your employment changes and you are on a group plan. This makes it unlawful for group insurance plans to say no to people they do not want to cover or to take on lifetime maximum contracts.
– HIPAA Title 2 directs the US Department of Health and Human Services to establish national standards for processing healthcare transactions. This protects the data immensely.
– HIPAA Title 3 directs new tax rules that are related to healthcare treatment.
– HIPAA Title 4 adds additional details on the reform of the insurance law that
– HIPAA Title 5 gives guidelines for life insurance policies made by businesses to handle income tax specifics when US citizenship is revoked.

The standards for recording health data and transactions use the same code set and thus help in the transfer of information between healthcare providers, insurance companies and any other entity.

But what does this mean to the patients? How does HIPAA help them?

Though you may not see it, the biggest advantage is for the patient alone. HIPAA compliance means that all the healthcare providers, plans and business associates under the system must implement multiple safeguard points to protect sensitive information that may be personal or medical. There is no organisation that would want to expose data, but HIPAA ensures that this data is protected from every threat. In case HIPAA is not followed, there are severe fines and even closure of businesses as penalties. The rules require organisations that have access to such information to restrict who can view it and who it can be shared with. In fact, patients are also given the option to choose who gets to see their data.

Having HIPAA implemented in the health care industry is not just a benefit, but a norm. It keeps your business protected and, more importantly, your data protected. Data leaks can bring your business to a halt overnight and can have severe implications. Many healthcare businesses around the world have embraced HIPAA today to ensure that the information they hold about their clientele is completely protected. It is a must not just for today, but for the future of the health care industry.

Author: Gurgut.com

Gurgut.com is a Digital Marketing agency, with close to 15+ years client experience in web/online marketing project management & corporate training.
