On Breaches : Practices Prepared for Data Intrusion
being sent. The same tools then decrypt the information so that only authorized personnel on the receiving end can read and use it. The HHS guidance issued under the HITECH Act sets the bar for what counts as acceptable encryption, and whether encryption succeeds in practice depends on two things: the strength of the encryption algorithm and the secrecy of the decryption key (or of the process that derives it). Encrypted data only counts as "secured" under that guidance if the key itself was not also compromised, so key handling matters as much as algorithm choice. Good encryption tools must adequately protect data both when it is in motion (being sent over a network or a wireless link) and when it is at rest (in a database, a file system or any other structured storage).
To comply with the HIPAA Security Rule and adequately protect patient data, many healthcare providers turn to third-party security products whose cryptography has been independently validated. HHS guidance points to NIST's encryption standards, which in turn call for cryptographic modules validated under Federal Information Processing Standard (FIPS) 140-2. FIPS 140-2 validation is already required of U.S. federal agencies, including the Department of Defense, so its credentials are established, and it reduces the risk of exposure without adding significant cost. According to the standard itself, FIPS 140-2 is "applicable to all agencies that use cryptographic-based security systems to protect sensitive information in computer and telecommunication systems as defined in Section 5131 of the Information Technology Management Reform Act of 1996, Public Law 104-106." One long-running benefit of a fully FIPS 140-compliant system is that its approved algorithms and key sizes are chosen to stay secure for a sustained period, beyond 2030 under NIST's key-management guidance (SP 800-57), which is longer than many ad hoc cryptographic deployments can claim. One caveat: FIPS 140-2 has since been superseded by FIPS 140-3. New modules are validated under 140-3 and existing 140-2 certificates are scheduled to be retired to the historical list in 2026, so check a product's current status on NIST's validated-modules list before relying on it.
Other Options
Practices that use sealed or closed networks and allow no outside access or file transfer might not require encryption tools, because under the HIPAA Security Rule encryption is an "addressable" specification rather than a strictly required one. Such practices still need to thoroughly document their reasoning for not encrypting, and the equivalent safeguard they use instead, in order to avoid fines. Realistically, though, closed networks are a dying breed (can you think of any office that doesn't have Internet access?). With the growing number of electronic transactions in healthcare, including e-prescribing, patient portals and other forms of electronic communication, most practices run open systems that need an encryption service for adequate protection.
Technology vendors should be able to readily assess whether your practice is secure. Given the public visibility a breach brings, there is little reason for an organization to risk exposure with systems whose encryption does not meet FIPS 140-2. The value of validation is in catching implementation mistakes: NIST has reported that close to half of the cryptographic modules submitted for FIPS 140 testing had security flaws that were found and corrected during validation. Those flaws are in the implementation, not the algorithm; the same AES that is sound on paper can be bypassed by a persistent attacker if the product mishandles keys, nonces or random numbers. FIPS validation gives healthcare providers a measured level of confidence in the security of their critical data and reduces the risk of incurring further costs in the event of a breach.
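The following is an added example, not code from this article or from any product it mentions. It illustrates both the encryption discussion at the top of the page and the point just made about implementation flaws: a record encrypted at rest with a NIST-approved algorithm (AES-256-GCM) is unreadable and tamper-evident without its key, and the very same algorithm becomes bypassable when the implementation reuses a nonce, which is the kind of defect validation testing exists to catch. The sample record and the function names are constructed for illustration; Go's standard library is used here for the mechanics only and is not itself a FIPS-validated module.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SampleRecord is a constructed patient record for demonstration only.
const SampleRecord = `{"mrn":"000123","name":"Jane Doe","dx":"E11.9"}`

// gcmTagSize is the length of the GCM authentication tag appended to every
// ciphertext (16 bytes for the default tag length).
const gcmTagSize = 16

// NewKey returns a fresh random 256-bit AES key. In a real deployment the key
// belongs in a key manager or HSM (ideally a FIPS 140-validated module) and is
// never stored beside the ciphertext: a stolen disk or laptop then holds only
// unreadable data.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a record at rest with AES-256-GCM under a fresh random nonce
// and returns nonce || ciphertext || tag. Because GCM authenticates, any
// change to the stored blob is detected when it is decrypted.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. It returns an error if the key is wrong or the blob was
// tampered with; a decrypt that "mostly works" is never returned.
func Open(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcmTagSize {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// SealFixedNonce is the flawed implementation: the same AES-256-GCM algorithm,
// but with a constant all-zero nonce for every record. The algorithm is still
// strong; the implementation reuses the keystream.
func SealFixedNonce(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // never changes: this is the bug
	return gcm.Seal(nil, nonce, plaintext, nil), nil
}

// XORLeak shows what an attacker holding two fixed-nonce ciphertexts learns
// without any key: ct1 XOR ct2 equals pt1 XOR pt2 over the shorter plaintext,
// which is often enough to recover both when one is partly predictable.
func XORLeak(ct1, ct2 []byte) []byte {
	n := len(ct1)
	if len(ct2) < n {
		n = len(ct2)
	}
	n -= gcmTagSize // strip the tag of the shorter ciphertext
	if n < 0 {
		n = 0
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = ct1[i] ^ ct2[i]
	}
	return out
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	blob, _ := Seal(key, []byte(SampleRecord))
	fmt.Printf("stored blob: %d bytes, unreadable without the key\n", len(blob))
	pt, _ := Open(key, blob)
	fmt.Println("decrypted with the right key:", string(pt))

	blob[len(blob)-1] ^= 0x01 // simulate a tampered or corrupted record
	if _, err := Open(key, blob); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}

	c1, _ := SealFixedNonce(key, []byte("patient A: HIV positive"))
	c2, _ := SealFixedNonce(key, []byte("patient B: no findings "))
	fmt.Printf("fixed-nonce leak, pt1 XOR pt2: %x\n", XORLeak(c1, c2))
}
```

The Seal/Open pair is what "encryption at rest" looks like when done properly: random nonce per record, authenticated ciphertext, and a key that lives somewhere other than the disk holding the data. SealFixedNonce passes any test that only checks "does it decrypt" and uses an approved algorithm throughout, yet XORLeak recovers the XOR of two patient records with no key at all. That gap between algorithm and implementation is exactly what module validation is meant to close.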
The Cost of a Breach
In 2011, the average cost of a healthcare data breach was estimated at $240 per record, about 24 percent higher than breaches in any other industry. Consider how many records a practice stores electronically and how quickly that kind of breach adds up. The Health Information Trust Alliance estimates that the roughly 500 U.S. healthcare breaches from 2009 to 2012 exposed about 21,000,000 records and added up to $4,000,000 in damages. Many may believe this is a problem only for big hospitals, but they are mistaken: a whopping 60 percent of these breaches occurred within smaller physician groups. Of those breaches, 67 percent resulted from theft or careless loss, 38 percent involved data exposed from an unencrypted laptop or portable device, and 6 percent came from external hacking (the categories overlap, so the figures do not sum to 100 percent).
Here are some of the things any healthcare practice must consider when preparing for ...
This article is continued at: blog.PhysiciansOfficeResource.com/volume-7-issue-05
30 Physicians Office Resource