Because of the massive Medicaid data breach in Utah, much of the EMR-related news lately has focused on security issues. Now more than ever, the public wants to know what is being done to protect their PHI, and health-related businesses are scrambling to make sure they have proper safeguards in place to avoid being the next one exposed on the infamous HHS “wall of shame”.
Of course, there are government checklists of the data safety measures that must be undertaken, but in some cases these are only as proactive as the people who implement them. According to Fierce.EMR.com, more and more healthcare sites have taken on a “checklist mentality” toward data security implementation and are overlooking the bigger picture. Applying regulations in this manner is dangerous business, because a practice’s PHI protection system may have weak spots unique to its own workflow, and those are not covered by current law.
Finding the vulnerabilities in your practice can be difficult, especially from an inside viewpoint. Consulting firms can help you identify individualized threats and formulate solutions, and sites need to have a security ‘check-up’ every year. Try to imagine the effects of unauthorized disclosure for each of the different data types you hold, and act accordingly to ensure the appropriate level of protection. We can certainly learn this from the Utah incident.
Healthcare organizations also need to crack down on personal electronic device regulations. An estimated forty percent of breaches take place due to personal electronic gadgets such as laptops and smart phones, so requiring encryption could bring a landmark improvement to the security of your data. Currently, only devices on which PHI is allowed are required to be encrypted; this is somewhat of a joke, because so many facilities turn a blind eye to their current device use regulations, especially for employees of higher status. Lastly, hackers often gain access to data by testing for simple things such as weak authentication procedures and weak passwords (read Mitch’s blog about making secure passwords), so we don’t necessarily need to be computer gurus to make sure our data is safe.