U.S. federal law requires any organization dealing with private health information to be HIPAA compliant, which means that hospitals and healthcare organizations must adhere to HIPAA's strict security guidelines. In a radical change from just a few years ago, many healthcare organizations utilize the public cloud, allowing at least some PHI or other personal data to be accessible through the Internet. Unfortunately, human error, bugs in hardware, application software and operating systems add to the complexity of securing healthcare data—and data breaches are not uncommon.
Data breaches to a healthcare organization can be a crippling threat for multiple reasons. A security breach decreases patient trust, and organizations may have to incur liability to reimburse patients for costs or damages from the breach. Healthcare organizations will have to spend time and money working with patients to help them monitor their credit reports for fraud and other issues by hiring third parties. In addition, organizations are often compelled to terminate the employees that are responsible for the lax security that caused the data breach. Avoid these potentially costly issues by considering the four suggestions discussed here. Ultimately, they can help healthcare organizations decrease costs and increase the security of PHI.
In order to increase the security of healthcare data, there are four key areas that need to be addressed.
- Providing healthcare services requires many actors to have access to PHI across geographies. A national personal eHealthcare Record (eHR) would increase data security.
- The healthcare industry should mimic the financial services industry and adopt best practices.
- Mitigate the size and scale issues of smaller healthcare organizations by using HIPAA-compliant cloud managed-services providers and applications.
- Implement a national system of two-tiered eHR records, where the top tier provides a higher level of security for more sensitive personal diagnoses.