On Breaches : Practices Prepared for Data Intrusions
Dylan J . Chadwick Physicians Office Resource Staff Writer
T
hink about the word “ breach ” for a minute . What images come to mind ? Perhaps it ’ s of a red flashing air horn siren and a team of government specialists keylogging their computer systems to trace the perp who bypassed their firewall . Maybe it ’ s of a sickly tech geek being led away in handcuffs , having edged his way into someone ’ s system to add a few notches to his “ hacking ” belt . Whatever the case may be ( and no matter how influenced by action / disaster cinema ), data breaches aren ’ t to be taken lightly in any circumstances . I know , I know , this isn ’ t new . Perhaps you ’ ve even taken a seminar or read it in a policy handbook ... but according to various studies performed in recent years data breaches are an increasing occurrence common occurrence in the medical world and many practices aren ’ t making enough precautions to protect themselves in these unfortunate events ... and it ’ s costing them obscene amounts of money .
A report from the Ponemon Institute showed that roughly two thirds of US companies have experienced “ cyber-attacks ” in the six year period from 2006-2012 , a 650 % increase in the United States alone . , According to the study , 90 % of all the hospitals in the United States have been victims of a data breach in the past two years . Many experts attribute this figure to the numerous changes that have been made to the way patient information is stored . Certainly , the Health IT industry has grown drastically changed in recent years , and these data breach figures aren ’ t a slight to their efforts . It ’ s just that deep down , attackers can uproot any technology put in place , and end up resulting in a costly breach .
Noncompliance
The healthcare industry takes emergencies seriously and proactively plans for various problems it sees down the road . Still , a 2012 National Preparedness Report conducted by the Federal Emergency Agency indicates that most health care providers simply “ aren ’ t ready to take on a cyber-security attack .” To put these findings in more concrete terms , only 42 % of state officials believed that their health organizations were adequately prepared to face a cyber-attack .
Sensing a need for more rigorous patientdata security , the Health Information Technology for Economic and Clinical Health ( HITECH ) act was signed into law in 2009 . Under the HITECH act , health care providers can actually be penalized on the grounds of “ willful neglect ” if they fail to demonstrate any reasonable and measurable attempts to take proactive care in protecting patient data in the event of a breach ... and these penalties are not chump change . They range from $ 250,000 in citation fines , and up to $ 1.5 million for any uncorrected violations . These financial penalties are constructed as incentives to prevent serious data breaches .
ENCRYPTION
Encryption protects patients against identity theft and comes in handy when information is needed quickly and must be made mobile or transferred to emergency personnel . Encryption tools convert any information in a file or document into an unreadable format before
www . PhysiciansOfficeResource . com 29