MetroHealth System, a hospital system providing quality care for over 175 years, has a history of constant growth and expansion. With humble beginnings in 1837 as the Cleveland, Ohio city infirmary, serving a population of 6,000 people, it experienced exponential growth with the arrival of the industrial revolution. Today, MetroHealth is one of the largest and most comprehensive public health systems in the country.
With increasing data breaches happening every year at major companies like Kohl's, Abercrombie and Fitch, Cigna and Anthem, it is more important than ever to know if your company is HIPAA compliant or not. Federal law requires companies dealing with private health information, or any business that hosts this information on their servers, to be HIPAA compliant.
Even if your company does not need to comply with HIPAA regulations, it is a good idea to protect other sensitive information like credit card numbers and customer employment information as strictly as private health information. Anthem's data breach in March exposed the records of more than 80 million people, many of whom were not even Anthem customers.
Since the start of the year, over 92 million medical records have been affected by breaches of the healthcare industry. According to recent news in Forbes, these breaches can affect customers both financially and in a more personal way with the private medical history involved making them more vulnerable. The fraudster could actually receive medical treatment under the victim's identity in the end putting the victim at risk of later receiving wrong medical service based on someone else's health information. The possibilities of complications stemming from these breaches are endless.
According to the article, it used to be that the top cause for patient data loss was an employee losing a device or having it stolen, but more recently the medical information is being obtained through cyber attacks on major medical organizations including Anthem, Premera and Carefirst. Because financial services and retailers have become savvier about protecting customer data the cyber criminals are now targeting the healthcare industry. "In a recent FBI presentation, Kam [Rick Kam, president and cofounder of ID Experts] says that the agency said that it had seen health insurance information fetching a price of $60-$70 on the black market as opposed to less than a dollar for a Social Security Number." This should propel all of the healthcare industry to do all they can to make the protection of their customers' private information a top priority.
Giva's cloud software rises above the rest by being HIPAA compliant. For more in depth information on this very important benefit , please see 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.
With new technology comes new dangers. Data breaches are a crippling threat to businesses nationwide for multiple reasons: business security has failed its customers and their information is unsafe (whether it be financial or medical), companies lose money when it is time to repay or monitor its customers by hiring third parties, and employees actually suffer job loss from these devastating breaches.
The Identity Theft Resource Center's Data Breach Reports defines a breach as "an incident in which an individual name plus a Social Security number, driver's license number, medical record or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format." As of December 16th, the ITRC recorded 744 breaches with over 81 million informational records compromised. Big businesses such as Home Depot, Target, Michael's, Neiman Marcus, and Bebe are victims of data breaches.
Firstly, data breaches can cause massive monetary damage. Elizabeth Weise from USA Today says, "Companies need [breach insurance] because they have to pay up when their customers get hit." The average monetary loss is $188.00 per customer hacked, which the company is required to pay back. Even a small business of 1,000 customers is then required to pay $188,000. Breach insurance can be expensive, but so can being the victim of a cyber attack.
Insurance and monetary compensation are possible solutions. However, most people do not realize the effects of security breaches on those in charge of business security. Data attacks can result in job loss. These job losses include Beth Jacob, CIO of Target; Maricopa County Community College District director, Miguel Corzo; head of Utah's Department of Health's technology department, Stephen Fletcher; and an Accretive Health employee responsible for the loss of an unencrypted laptop filled with sensitive healthcare information on over 23,000 patients.
When it comes to data breaches, there seems to be a greater margin of job penalty in the field of healthcare. Aside from the few mentioned above, Goold Health Systems fired an employee this year for downloading patient information onto a USB drive and then losing it. Highmark, Inc. fired a mail room employee for an error which disclosed over 3,500 patients' Medicare information without authorization. Two Georgia Hospital employees were fired for improperly disposing of an unencrypted desktop including information on over 6,500 patients. Boston Medical Center fired a third-party vendor after realizing they had posted data from 15,000 patients to the website without password protection.
Whether via carelessness, accident, or the work of a hacker, customer information must be taken seriously, especially when it pertains to healthcare. The lack of security can result in job loss. This is not a new issue: in 2006, four healthcare employees of Providence Health Care were fired for the theft of 365,000 healthcare patients' medical records. Thankfully, a security vendor was hired, and patients could sign up for information restoration and monitoring.
However, the healthcare business demographic accounts for almost half of ITRC's recorded data breaches, with hacking as the cause for more than a third of these breaches. Healthcare records provide a wealth of information, making them a huge target for cyber attacks. Because of this, federal law and the Health Insurance Portability and Accountability Act (also known as HIPAA) require security methods such as encryption of medical data to ensure a company remains protected from a data breach.
Businesses are going to have to continue to be vigilant in implementing their security strategies.
With Giva, security is of the utmost importance. This is why Giva is has worked to become HIPAA-compliant, with its cloud software complying with strict regulations, helping keep their healthcare - and all - customers' information safe.
Now more than ever, businesses need to be diligent about securing customer information. According to a recent news article, 2015 could be the "Year of the Healthcare Hack." Hackers could target both healthcare and insurance companies in order to secure customers personal information. The No. 2 U.S. health insurer, Anthem Inc., disclosed a breach of its database that has affected nearly 80 million records leading to investigations by state and local authorities. While in the past, cybercriminals have focused on the financial and retail sector; the new target is less-secure medical data. That being the case, many businesses are starting to focus more on security. According to research analyst Stephanie Balaouras at Forrester, "If your company execs are smart, they will make protecting customers' data and preserving their privacy one of their top business and social responsibilities in 2015." (Forrester)
With all the benefits of Healthcare Information Technology, the obstacle of cyber attacks must be addressed as well. Many businesses have prospered because of HIT and will continue to do so in the future. However, being proactive in addressing this security issue must be a priority for all businesses in 2015 in order to secure customer information. The Reuters article above mentions that "UnitedHealth Group Inc. and Aetna Inc. have been warning investors about the risks of cyber crime since 2011." Warning investors is important; preventing hackers from stealing customer information is paramount. In meeting the strict HIPAA compliance regulations for cyber security, Giva can be the answer to businesses concerned about this problem. For more information read 7 Key elements of Giva's HIPPA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.
In a digitized world, one of the greatest conveniences is health information technology (HIT). Considering nearly everyone in the US is a consumer of healthcare, there are numerous benefits to adopting electronic health records. The evidence report, Costs and Benefits of Health Information Technology, outlines a few. Health information technology is a means of electronically storing, recording, accessing, or transferring a patient's medical records. This includes health and medical history. Not only is this paperless and perhaps more reliable, but it allows for "clinical decision-making and disease management." It also allows for prescription filling, test ordering, and care reminding. For example, the system can provide alerts for necessary patient vaccinations or send a prescription to be filled at a pharmacy convenient to the patient. Overall, health information technology improves the efficiency of healthcare - a highly profitable, nationwide business.
However, adopting HIT is costly and requires change in the organization. It is considered an investment, but perhaps a necessary investment in terms of economic advancement. In non-financially focused studies concerning adoption of HIT, areas of improvement included increased productivity by the healthcare provider, improved patient safety and, subsequently, fewer adverse drug events (ADE) and time spent in hospitals to treat ADEs, and better physician decision-making. For example, the ability to reduce the "ordering of redundant clinical laboratory tests could produce an annual savings of $35,000 in laboratory charges." It is economically beneficial to improve the efficiency of healthcare.
In a day and age where nearly everything is digitized, it is only fitting a business as widely used as healthcare should follow suit. Adopting health information technology will improve provider efficiency while increasing consumer centeredness. Electronic health records are more personalized, more organized and more efficient. Although implementation of HIT is an expensive adjustment, benefits for both provider and consumer are apparent. Healthcare efficiency is important to society as a whole.
With efficiency of digital access to healthcare records comes the necessity of increased data security measures. The Federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, was passed to establish a national framework for security standards and protection of confidentiality with regard to health care data and information. Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. See 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.
Earlier this year medical records of 4.5 million patients were stolen from Community Health Systems (CHS) by a sophisticated group of Chinese hackers. According to the Washington Post the names, birth dates, telephone numbers, and social security numbers of patients were copied and transferred from the company's systems. This information has been protected under the Health Insurance Portability and Accountability Act (HIPPA) for the last decade. As required by federal law CHS notified all impacted patients and provided them with free identity theft services. The company’s liability insurance was expected to absorb the major financial impacts of the data breach. Their mandated Security and Exchange Commission Filing stating the consequences of the breach was published on August 18 and can be found here.The Health Insurance Portability and Accountability Act requires all companies contributing to healthcare services to protect patient’s personal health records with strict security and data encryption measures. Companies that suffer a data breach due to relaxed security measures can be found in violation of federal law. Penalties are strict. Significant fines that can jeopardize a company's financial standing and reputation are charged per incident. According to the FBI, the digitization of medical records has encouraged hackers to increasingly target healthcare companies. Strong security measures that align with strict HIPAA regulations are now required of all healthcare providers.
Fortunately, Giva makes HIPAA compliance very easy for our customers. The data center, hardware and software infrastructure of Giva's cloud help desk & customer service software meet the very strict HIPAA compliance regulations. Click on: 7 Key Elements of Giva's HIPAA-Compliant Cloud Help Desk Software for Electronic Health & Medical Records.
