The critical battle to secure your electronic health records
From people peeking at Britney Spears’ medical records to thieves stealing almost five million medical records from a tape back-up, no healthcare issue garners more adverse publicity, or passion, than violations of patient privacy. While you might expect that – since the institution of HIPAA and $250,000 fines – this is relatively uncommon now, you would be wrong.
This statistic will stun you:
In the last two years, 89 percent of healthcare organizations have experienced at least one breach that resulted in a loss of patient data, according to the Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data.
In fact, more than 112 million breaches of privacy occurred in 2015 alone, according to a recent report from the American National Standards Institute (ANSI). That is equivalent to the population of the states of California, Texas, New York, Florida, and Virginia combined.
Medical information: The hot commodity
It is not about just snooping anymore. Your medical information is worth 10 times more than your credit card number on the black market.
As the world moves toward electronic health records and Health Information Exchanges, concern about the vulnerability of private health information is escalating as the scale of these data breaches reaches epic proportions. In fact, the largest hack to date filled the news with over 78 million records impacted.
The risks are real and global. And they leave an organization – any organization – subject to severe legal and financial damage, not to mention the damage to its reputation. None of the affected organizations were cavalier about their security compliance.
But let’s face it, the workforce is larger and more mobile now. The data is more prolific and ubiquitous and takes on many different forms, making it harder to protect.
Fighting back: The HIMSS Cybersecurity Hub
The size of this problem has become so immense that HIMSS is opening a cybersecurity hub in the HIMSS Innovation Center in Cleveland. The hub is a public exhibit and education center that helps people understand their responsibilities and vulnerabilities when it comes to managing and protecting health information – both personally and professionally.
“The new HIMSS Cybersecurity Hub enables visitors to engage in learning about ransomware, advanced attacks and data breaches,” said John Paganini, manager of Interoperability Initiatives for HIMSS.
This is no longer a hospital problem – it is everyone’s problem. If you can’t make it to Cleveland to see the hub, just follow along at #HITsecurity.
Yes, the thieves are getting more sophisticated. But so are the defenders of our privacy and security. For example, unlike most companies, here at Hyland, we have a dedicated team that lives and breathes security. In fact, they recently held their annual Security Week, five full days of sessions dedicated to topics like safe browsing, cryptography, password awareness, credit card chips, and more.
Inside, outside, data at rest, data in motion, data in use. These dedicated people worry about data in servers, on tablets, on phones. Who can see it, when they can see it, why they should see it. It really makes my head spin.
But I have had my personal protected health data breached three times now. Three times! Can you believe that? So I am grateful for the security team’s single-mindedness. And I’m going to attend every session at Security Week next year.
Staying more than one step ahead
Our security team is doing their best to make our products the most secure enterprise content management solutions and enterprise information platform on the market today. The team builds our solutions with native security controls and the strongest encryption tools available. That includes securing both the system and users with our flexible and granular security configuration wizard.
The best security is one that actually gets used. If it is too difficult or cumbersome to set up, administrators won’t take the time to configure it to its optimal potential.
That’s why we develop our solutions – and their robust security settings – to be easy to configure. You can also use Active Directory and LDAP to simplify administration. And you can further secure your information with HTTPS connectivity and file-level encryption on NTFS shares.
Do you employ users who need access to specific documents, but you want to restrict access to certain keywords? No problem. Administrators can create redactions on documents and they can encrypt alphanumeric keywords using AES-128 or AES-256 encryption. And OnBase is PCI-SSI certified, so your credit card transactions are safe.
Securing the cloud
Maybe your organization takes advantage of the convenience of the cloud. Featuring highly secure data centers, encrypted in-transit connections using transport layer security (TLS), built-in redundancy and data replication, the Hyland Cloud ensures your information is only accessible to the people who need it and have the rights to view it. We’ve been providing cloud solutions since 2000, so we’ve got the security aspect down.
Do you feel comfortable with where your cloud provider may shift your data? What if you have concerns about the jurisdiction of where your vendor moves the data? Can you control where your data lives?
We make sure you can.
A frequently overlooked, yet important and basic, security rule is this: Don’t leave your valuables lying around. That’s why our solutions, both on-premises and in the cloud, use automated retention records management – so you don’t keep data unnecessarily.
Medical information is tricky. It is a constant balancing act between security and accessibility. But OnBase marries the two goals successfully.
So, my thanks to the security team for their daily vigilance. Please don’t take too many days off.
And also, thank you to HIMSS for the Cybersecurity Hub, helping us all – me especially – stay more than one step ahead.