Texas Tech University Health Sciences Center
Preventing Health Data Security Breaches

I have not written about the important topic of preventing health data security breaches in a while, so that is the subject of today’s column.

It is a matter which should be of utmost concern to all of us. We would not want the security of our personal health information (or key identifying data) breached and we must do all within our power to provide that same degree of concern and courtesy to our patients. Just yesterday, Community Health Systems, which operates 206 hospitals across the United States, announced hackers recently broke into its computers and stole data on 4.5 million patients.

Unauthorized people gaining access to protected health information is a big problem. According to Erin McCann, associate editor for Healthcare IT News, the number of patient health records compromised in a HIPAA data breach has gone up significantly in the latest reports. Somewhere between 40 million and 45 million patient records have been compromised since such statistics started being maintained.

A bit of history: the Health Insurance Portability and Accountability Act (HIPAA) became law in 1996. Its original intent was to make it easier for patients to transfer their health coverage between companies and to move medical records from one physician to another. Over the years, the emphasis of HIPAA has evolved primarily to data privacy and security. Texas Tech Physicians has good controls in place, but we cannot be too careful.

Experts recommend a number of things to mitigate risk, but here are some of the more common (but important) suggestions:

Perform regular risk assessments — look at mobile computing, VPNs and cloud computing.

Enact simple measures like ensuring routers are set up correctly, installing firewalls properly and changing passwords frequently.

Know who has access. The distributed nature of health care data on an EHR is a two-edged sword: multiple physicians and others can see the same EHR, but the system is vulnerable to breaches because so many people and entities, like hospitals, insurers and billing contractors, do have access to records.

Strengthen social media and file sharing policies.

Look for breaches or security incidents proactively.

Have an action plan in place in case a breach does occur.

There are also the more mundane, but equally important things, like logging off of one’s computer, locking doors to offices and not talking about any patient matter to anyone other than those who “need to know.” Let’s all make protecting private data a priority.