A recent Ponemon Institute study surveying 80 healthcare organizations in the U.S. found that healthcare providers don’t properly secure their health records or electronic medical devices. The survey “found that 75% don’t secure medical devices containing sensitive patient data, while 94% have leaked data in the last two years (mostly due to staff negligence).”
This finding indicates two things: 1. healthcare organizations have missed the boat on computer and Internet security; and 2. the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which, among other things, requires healthcare patient data to be secured, is not being obeyed.
By the way, HIPAA carries penalties of imprisonment for leaders of organizations who break this law. That having been said, I don’t know of any great number of hospital administrators who’ve been sent to jail. However, the list of hospitals the Ponemon Institute surveyed is a starting place to build cases against the organizations that leaked patient data…duh!
It appears that the healthcare industry, like many others, feels it can’t be bothered with bureaucratic red-tape laws that make it more expensive and take longer to care for patients…the reason they’re in healthcare in the first place. I’m sure you’ve seen your physician’s nurse use the doctor’s account and password on patient record systems because he/she doesn’t want to be bothered with the computer and its security.
Cyber criminals love this type of environment to cast their phishing nets. They lure a nurse or other clerical assistant, with the physician’s access authority, to open a bogus email and click on a link that will lead to, yes, you guessed it, a malicious Internet website that will inject malware onto the medical worker’s computer, giving the criminals access to the organization’s patient database, networked medical devices, and anything else they may find of interest.
What can you do to keep your healthcare records and personal information from ending up in the hands of cyber crooks? Not much. But you can ask your healthcare provider to explain how your medical records are stored and protected, and how they are kept in compliance with HIPAA. Show them this article and the references linked here to educate them. Then, if they can’t or won’t answer your questions, perhaps you should find a provider that does know how and why HIPAA requires your medical records to be protected.
Reference: Study on Patient Privacy & Data Security
Be very careful…it’s dangerous out there.
I’m also on Twitter @PaulsInternet.