A 2017 health care consumer survey by Accenture found that more than 1 in 4 individuals have had their personal medical information stolen in a health care data breach. Even worse, half of those data-breach victims were then victimized again by some type of medical identity theft, costing an average of $2,500 in out-of-pocket expenses.
Personal medical information remains one of the most sought-after types of data for cyber criminals to steal. While this should concern us as patients and consumers of health care services, it should also create a level of urgency for health care providers to implement the strongest measures possible to secure patients' data.
For health care organizations, the stakes of a data breach can be enormous: steep fines and penalties from HIPAA regulators at the federal and state level, the potential for costly lawsuits, and the public outcry and publicity that damages the organization's reputation and public trust.
Here are tips for securing an organization’s most sensitive health care communications.
Develop a set of rules and policies for staff’s handling of patient data.
Create a set of policies and procedures regarding how employees must handle protected health information in any environment, on any device.
Document this corporate governance policy, distribute it across the organization, and conduct mandatory training for all staff.
This set of policies will help minimize the risk of data breaches. It can also serve as helpful documentation demonstrating the organization's compliance with HIPAA and other privacy laws.
Train employees to be alert for hackers' most common scams.
According to data compiled by the HIPAA Journal, email scams were the second most common method of stealing health care data in the first quarter of 2018. Employees need to be trained to deal carefully with emails, websites, suspicious links, and file downloads. They should be instructed not to download attachments in emails from unrecognized people or businesses, and not to click on shortened links or links with an unusual number of subdomains, as these could lead to malicious code or ransomware.
Upgrade fax infrastructure to a HIPAA compliant secure transmission service.
Faxing continues to be one of the most commonly used communication methods in today's health care industry. The problem is that the traditional health care fax infrastructure of desktop fax machines, in-house fax servers, and analog fax phone lines is vulnerable to attacks on patient data and can itself lead to HIPAA violations.
For example, paper faxes left sitting on an office fax machine can lead to unauthorized personnel viewing (or even mistakenly taking) documents containing personal patient information. An innocent mistake can compromise patient privacy and fall short of HIPAA compliance. Remain vigilant in the handling of faxes, or move to a more secure electronic transfer of patient information. Participation in a health information exchange such as OneHealth New Jersey also offers the option of Direct messaging to send health information by email to patients and other providers.
Hackers become more sophisticated every year because there is big money in stealing personal health data. Cyber thieves respond to health care providers' fortified networks by devising ever more clever workarounds.
It is imperative to keep staff informed about the latest tricks, scams, and threats to the organization's communications and data. Hold regular organization-wide meetings to make sure everyone in the organization understands the latest tricks and scams.
To learn more about how OneHealth New Jersey can help your organization more securely manage health care communications, contact Marlene Kalayilparampil at 844.424.4369.