Is Somebody Hacking You?

With a push toward electronic health records (EHRs) and billions of dollars allocated for health care IT, it appears that whether we are comfortable with it or not, our private health information will be accessible on mobile electronic equipment that may not always be as secure as we would like. News stories have already informed us of hospital records that have been hacked, which makes securing patient records an urgent need.

While enforcing security issues may not directly involve biomedical/clinical engineering departments, biomeds will most likely lend their expertise to the EHR implementation process, and an enhanced awareness of the security issues involved can only support the overall efforts of a successful and safe implementation.

From April 12 through 18, the American Health Information Management Association (AHIMA) sponsored the sixth annual Health Information Privacy and Security Week. This year’s theme, “Protecting Information—It’s a Top Priority,” summarized its commitment to address the increasing concerns about the privacy and security of health information.

“The Obama Administration’s American Recovery and Reinvestment Act (ARRA) addresses the need for electronic medical records and health information technology,” said AHIMA President Vera Rulon in the company’s press release. “Continually educating health care professionals about the privacy and security of sensitive health information is a crucial step toward health care reform.”

The government’s Agency for Healthcare Research and Quality has a Web site that provides security advice and a module designed to help health care organizations reduce security risks. The site lists risks associated with electronic information, and it offers tools to help a facility diminish those risks to maintain the privacy and security of EHRs.

According to a release from Absolute Software, a provider of Computer Theft Recovery, Data Protection, and Secure Asset Tracking solutions, with the financial incentives the ARRA provides, digitizing health care records will expand, giving clinicians the ability to access health records on laptops, tablet PCs, and shared workstations—all of which increase the possibility of data and laptop theft.

Addressing this risk, Absolute Software compiled a list of mobile security tips to help health care facilities prepare for the implementation of the EHR. Five Things Hospitals Must Know About Keeping Digital Medical Records Secure includes:

1. Know the consequences of a data breach. If the consequences of a data breach are known throughout the organization, employees will understand the importance of preventing them.
2. Assess your organization’s situation. Before an organization can begin to streamline its IT security, it must have a firm understanding of what it needs to protect.
3. Implement a comprehensive data security plan.
4. Secure data on mobile computers. The more hospitals use mobile computers and PDAs, the higher the risk of theft and data ending up in the wrong hands.
5. Create a data breach policy. In the event of a data breach, there should be a standard procedure in place to minimize damage and for timely notification of supervisors, law enforcement, etc.

Times have definitely changed, and with that change we must adapt. As biomed involvement with IT and EHR execution grows, having advance and thorough knowledge of the security issues at stake will make for safe transitions.

Julie Kirst