Over the years, technological advances have made quite the impression in the health care industry. As health IT features like telemedicine, electronic health records and e-prescribing began surfacing, professionals and patients alike experienced an increase in the quality and convenience of care delivered. It’s no surprise that the technological world has been advantageous for the industry; however, hospitals and health care settings are now unfortunately more vulnerable to data breaches and will continue to be without taking extra precautions in cybersecurity.
Understanding the importance of cybersecurity and evaluating risk management is critical for hospitals intending to thrive. Let’s take a closer look at the changing health care landscape, the vulnerability of hospitals and how professionals can proactively secure data for the future.
The Changing Health Care Landscape
It’s undeniable that health information technology is paving the way for the future of health care. When professionals have immediate access to patient information – with EHRs, for example – they have the ability to reduce and prevent medical error, improve patient outcome and increase overall care quality. According to a national survey of doctors, 88 percent of providers reported that using EHRs clinically benefited the practice as a whole, and 75 percent reported that the health technology allowed them to deliver better care to the patients.
Even as beneficial as HIT facets have proven to be, the risk of cybersecurity threats heightens as health care settings increase use the of internet-enabled medical devices and electronic databases. According to a report from the National Business Group on health, 9 in 10 U.S. employers that offer coverage to more than 15 million Americans said they will make telehealth services available to their employees in 2017 – up seven from last year. As the industry takes advantage of telemedicine and its ability to increase patient and practice experience, health care professionals must prioritize risk management and increase cybersecurity to avoid potential breaches.
The importance of cybersecurity
According to the Institute for Critical Infrastructure Technology, health care data has become a growing target for hackers. That’s because, unfortunately, technologies like EHRs, data-sharing databases and digital devices have become the easily accessible avenues, which makes the first step of breaching simple and effective. Not only does cybersecurity vulnerability squash a hospital’s reputation by invading patient privacy, but it also makes it difficult for hospital administration staff to have overall control of the systems.
According to report from Experian, the health care industry has the potential to lose nearly $5.6 billion each year due to data breaches. To avoid these loses, health care professionals must make use of cybersecurity and get acclimated to the possible threats they may face. Ransomware is one of the more popular perils, but it’s not the only hazard to steer clear of, according to what Mac McMillan, CEO of CynergisTek consulting.
“Ransomware will continue to be a threat, as long as it’s effective,” he told Health Informatics Institute. “I think I would broaden it beyond ransomware, and I would say, any attack that presents an opportunity for the attacker to disrupt services and data and extort the victim. So, it could be ransomware or a zero day attack. At the end of the day, as long as the attacker can use it to extort money, they are going to continue to use it.”
Professionals need to keep these potential threats in mind:
- Phishing attacks – Disguised links sent via email that encourage staff members to share personal information.
- Ransomware – Malicious software that blocks access to computer information until an amount of money is paid.
- Cloud threats – When unexpected parties enter the cloud due to unnecessary or unrestricted access.
- Encryption data breach- When hackers figure out how to hide in encrypted traffic.
- Staff members – When staff members are uneducated about cyberattacks and don’t know how to identify them, making the practice more vulnerable to breaches.
Navigating monetary penalties when a security breach occurs
When a security breach takes place, health care facilities are not let off the hook with a slap on the wrist. The U.S. Department of Health and Human Services Office for Civil Rights enforces the HIPAA Privacy and Security Rules to investigate complaints and conduct compliance reviews. If the OCR describes the complaint as a violation, the health care facility may be subject to civil and criminal penalties. For example, the minimum penalty of an unknown HIPAA violation is $100 per case with an annual maximum fee of $25,000, while the maximum penalty is $50,000 per violation with an annual maximum fee of $1.5 million. Not only does this hurt a health care provider financially, it can damage their reputation as a trusted facility.
Challenges faced while strengthening data security
The answer to reducing cyberattacks may seem as simple as investing in new safety software, but health care administrators face challenges when they strengthen data protection and security. One major difficulty, for example, is the investment itself.
“Security, like any other non-revenue producing function, has the pressure of being a cost center, for the business,” McMillan told Health Informatics Institute. “In other words, the people who are trying to make decisions on how best to spend dollars that they have are looking at options that can generate more revenue and more business. These organizations are running against very tight budgets, they are running up against very low reimbursement and they are running against a lot of the financial pressures that healthcare has today. And, they are asking for dollars that don’t contribute to production of revenue.”
Hospitals must also develop an implementation strategy, which can potentially break up the practice’s workflow. The administration staff will be responsible for training the rest of the practice, which can be a timely task.
How to be proactive in health care settings to prepare for the future
Though health care professionals may experience challenges implementing cybersecurity, they will benefit substantially. By taking proper security measures, administrative staff can ensure all patients’ private information is secure, which will keep the hospital’s reputation to high standards.
To help professionals be more proactive about the well-being of the patients and practice, the Department of Health & Human Services recommended the following tips:
- Establish security culture – Educate staff members and ensure they take precautionary measures.
- Protect mobile devices – Develop mitigation strategies and use devices that support encryption.
- Maintain healthy computer habits – Uninstall unnecessary software from all devices.
- Use a firewall – Use a software product or hardware device to prevent intruders from entering the database.
- Install software – Use antivirus software to find and destroy malicious software.
- Plan for anything – Back up all files to ensure data is safe in the event of an unexpected disaster.
- Control access to information – Don’t leave information easily accessible. Make sure all staff members are using a control system with a username and difficult password.
- Change passwords regularly – No matter how difficult the original password is, continue changing it annually.
- Limit network access – Don’t give network access to anyone – use a controlled password.
- Control physical access – Keep track of all devices to ensure they’re never leaving the premises.
With these administrative, physical and technical safeguards, you can shape a safety protocol that caters to your facility.
As the need for stronger data security increases, so will the demand for jobs in the health care industry. Essentially, health care informatics professionals lay out the foundation of EHR and data security. By enrolling in the Master of Health Informatics program at the University of Cincinnati, you can gain the knowledge and skill set you need to succeed in the ever-changing industry. Some of the example courses in the program that can prepare you for such issues in health care include:
- The Healthcare and Public Health Landscape
- Health Information Legislation, Privacy and Security
- Workflow Process Analysis, Systems Development, Human Factors and Usability
- Leadership and Strategic Management in Health Settings
With a graduate degree, you can gain confidence in knowing you’re prepared for the complex work environment that stays on pace with technological advances in health care. If you’re ready to discuss the program and learn more about the path to your career, reach out to one of the members of the student support staff.