Healthcare information security is a major concern for healthcare providers as well as governments across the world. With patient health records being digitized, there is the danger of health information becoming compromised or stolen outright. Cyber security is a top priority for health systems managers everywhere. But there are problems that go beyond the typical cyber threats that can cause serious security breaches. These serious threats include the following:
mHealth (mobile devices)
With so many health and wellness programs and procedures becoming available on mobile devices, hospitals and clinical practices must be aware of the threat of security breaches and hacking of health data. Doctors, nurses, and hospital staff are using tablets and mobile devices, and so are patients and visitors. This means a potential for security breaches on both sides of patient care.
Network access control (NAC) solutions can be a smart move in order to keep health data as secure as possible. NAC identifies each type of user and device and then has the ability to scan for threats or out-of-date spyware protection. NAC solutions can also keep other devices and equipment secure where so many devices are inter-connected.
According to Becker’s Hospital Review, fifteen percent of security breach incidents in the healthcare industry in 2013 were caused by insider misuse . This term refers to instances in which employees of an organization steal property or data or commit other crimes. Surprisingly, the reason insider misuse stands out in the healthcare industry is because of the amount of people who get jobs in the industry for the sole purpose of infiltrating the system and gaining access to patient health information. They typically steal this information to gain access to money or in order to commit tax fraud.
To prevent insider misuse, organizations will audit all devices used by staff members. Healthcare providers need to be vigilant in their efforts to monitor access to patient information, and audits can be a reliable way to see who has accessed what information. Data loss prevention products can be used to show data exfiltration — when patient data is transferred outside the organization.
It’s not always unscrupulous people out to do harmful things that compromise healthcare security. Becker’s Hospital Review reveals that in 2013, unintentional staff actions causing a compromise in patient data security accounted for 12 percent of security incidents in the healthcare industry . These mistakes can be as simple as misplacing a patient’s chart, or a security system underperforming. They also happen when old computers are discarded without patient information being removed.
While mistakes will always happen, quality control measures and protocol can lessen the negative impact of unintentional mistakes or actions. Graduates of health informatics programs can take these matters into their own hands once they begin their career. Healthcare security will only grow more important in the coming years and graduate classes can teach you the newest ways to defend against security breaches.
Threats to the supply chain of hospitals can also be overlooked. But each vendor a hospital interacts with presents a potential for a data breach. From transactions with vendors to pharmaceutical shipments, supply chains must be security checked at every step.
In the last two years, legislation has been passed that will have a major impact on supply chain security in the future, including the FDA Safety and Innovation Act (2012), Unique Device Identification (UDI) (2013) rules and the Drug Supply Chain Security Act (2013).
Along with cyber threats, there can be other threats to healthcare security that are just as serious. Hospital employees can play a part in security breaches. Whether employees are making mistakes or intentionally stealing patient data, protocol to prevent loss must be in place. The world we live in has an increasing amount of devices connected to the internet, and each one presents a pathway to information. The MSHI program at UIC helps prepare its graduates for this ever-changing world of healthcare and technology by offering courses in security and data analysis.