The FTC recently announced a settlement with Henry Schein Practice Solutions, Inc., worth $250,000. Henry Schein was found to have falsely advertised proprietary security software to dental practices, saying that it delivered “industry-standard encryption of sensitive patient information” and could help “protect patient data” as per HIPAA requirements. All of this was clearly not the case.
It was a long ordeal that offers several lessons to those using and selling patient data tools. For starters, it is important for health care information centers to always encrypt the information they carry instead of camouflaging it. Secondly, exaggerating your data protection capabilities and potentially misleading clients in this area can lead to FTC sanctions. And lastly, never forget that healthcare providers, vendors, and payers are under scrutiny from HHS, HIPAA and the FTC to ensure that all parties involved deliver proper patient data privacy.
Statistics show that only 63% of healthcare providers encrypt patient health information on work devices. And even fewer organizations have a HIPAA risk management plan.
This is enough incentive for hackers to try their hand at breaking into hospital information systems, and they aren’t short on incentives. Hacking has a huge profit motive, with private patient data being sold on the black market. This confidential information can be used to create false insurance reports as well as to order medicine, drugs and equipment to be sold for cash. Recent research featured on the Trend Micro blog shows that cybercriminals are very organized and are generating extraordinary profits. The largest bank heist in history was $30 million. The annual cost of cybercrime is around $445 billion.
Highly sensitive patient information must be protected from unauthorized access, and encryption is the only viable option healthcare providers have right now.
High-quality encryption is a disincentive for hackers, significantly minimizing the risk of data breaches and of stolen information being put to malicious use. However, it is essential for information holders to realize that effective encryption requires cautious data management to be successful, and does nothing to defend against insider threats to patient data. Loss of computer equipment and internal fraud are also huge threats to the security of hospital data. Most break-ins in healthcare systems have been a result of lax security. In fact, a 2011 report found “no empirical evidence of a decrease in publicized instances of data loss associated with the use of encryption”.
However, encryption remains an effective method of protecting against hacking and ransomware attacks. In order to deal with internal security threats, it is important to put in place a “broad set of practices, including training and awareness programs, manual procedures and controls, and strong identity and access-management deployments” as per the findings of this report.
As one of the leading peer-reviewed healthcare journals, Telehealth and Medicine Today™ offers extensive resources on digital information and telecommunications technologies in patient-centered care to ensure the effectiveness of your telemedicine program implementation.