Achieving Pain-Free Data Security for Physician Practices
By Mark Cline
It’s widely accepted – and understandable – that the primary goal of any healthcare practice is to keep its patients as healthy and safe as possible. But what about keeping their data safe, too?
The CDC estimates that close to 80 percent of office-based physicians use some form of EHR – up from less than 20 percent in 2001. Think of all the personally identifiable information (PII) these electronic documents house – social security numbers, dates of birth, home addresses – not to mention credit card, medical history, and health insurance details.
Despite these confidential records going digital, data security has been shaken off for far too long, and far too often, as a less essential aspect of running a successful and reliable medical office. And the proof is in the breaches.
Last year was a tough year for healthcare. With 65 percent of the data breaches across all industries occurring in the sector, some even called it “the year of the healthcare hack.” Cybercriminals can sell healthcare records for a lot more than credit card data on the black market, so these attacks won’t be stopping any time soon.
While the hackers profit, the affected medical offices lose money. The average cost of a HIPAA-related record breach is more than $200 per patient record, and these costs are borne directly by the owner of the practice. Not to mention that multiple offenses can lead to loss of license and prison.
While HIPAA does not specifically spell out the necessary requirements, it does mandate that safeguards be put in place to protect patient health information. These requirements become increasingly complicated as more and more doctors want to offer WiFi to their patients and employees, which is generally seen no longer as a luxury but as a necessity.
To many practice owners, data security can seem complex or like just another expense, especially to smaller practices with non-technical staff. In fact, only 33 percent of healthcare organizations agree they have sufficient resources to prevent or quickly detect a data breach. Many think it will never happen to them. But the truth of the matter is that only “The Big Guys” like Anthem, Excellus, and Premera (to name a few) make the breach headlines … precisely why hackers target the little ones.
But even small offices that lack IT resources should be able to access and benefit from enterprise-class network security. Managed security service providers make it simple and affordable to maintain strong data security and HIPAA compliance. Their goal is to ensure that medical practices are protected from both internal and external threats by providing them robust and powerful network management, security, and compliance services at a fraction of the costs associated with a self-managed solution.
On top of network and data security, secure wireless solutions are available through these providers so patients can access the Web while waiting for their appointments, improving the customer experience and comfort level while protecting their data. All of these implementations can be done through simple, remote installation to seamlessly integrate with the office’s current network on a timeline that works for them and doesn’t disrupt their patient service and care.
Hackers will continue to attack medical practices with laser focus as long as two truths remain – 1) Healthcare organizations continue to house financially lucrative personal information and 2) These practices continue to lack resources, processes, and technologies to prevent and detect attacks and adequately protect patient data. One of those things can never change – but the other can start right now.
The technology exists to protect healthcare practices of all sizes while keeping the burden off the practice owner’s shoulders. In order to stop the threats, however, medical offices need to take the essential step of actually using it. Diminished stress about breaches and greater confidence in their security postures mean practices can focus on the most important thing – keeping their patients healthy.
Mark Cline is vice president, channel sales of Netsurion in Houston.