Digital solutions and higher connectivity in healthcare may unlock new capabilities, but this trend has come with a unique set of challenges as well. In recent years, there has been an explosion of patient data, and often these come from multiple sources. Aggregating this information can create new security concerns, as can sharing it with colleagues, patients or between networks.
Patient safety and privacy is a critical pillar of modern healthcare, but the increases in connectivity have created new opportunities for information to be lost or stolen. Fluid information exchange can allow for better treatment opportunities and improved clinical outcomes, and for that reason, providers, developers and vendors will need to continue to work together to address security issues.
How connectivity can create new security challenges
One of the biggest issues facing modern health IT is balancing what is convenient with what is secure. Patient portals and other engagement tools are useful for promoting collaboration, but if patients find them difficult to use because of strict security measures, they may abandon them. Similarly, busy doctors and other health professionals demand systems that are minimally disruptive. Double-encrypted passwords and other measures can still feel like a burden on users, even if they represent a bare-minimum in terms of privacy.
The most pressing concerns
A survey of members of the College of Healthcare Information Management Executives and the Association for Executives in Healthcare Information Security found that there is some agreement on the largest issues regarding the security of patient data and connectivity. Ransomware, hacking and malware were cited as some of the most serious concerns related to privacy in healthcare.
“Two-thirds of breaches were caused by a lost or stolen employee mobile device.”
Unfortunately, sometimes a breach doesn’t need to be particularly sophisticated. Bitglass found that while a quarter of security breakdowns between 2010 and 2014 did come from a hacking incident, over two-thirds of breaches were caused by a lost or stolen employee mobile device. This is a critical statistic, especially as more practices utilize smartphones and tablets for EHR access and other tools.
Medical information is extremely valuable on the black market, and Reuters reported that it may yield 10 times more than a credit card number. Unlike bank information which may be changed overnight, medical data breaches may go unnoticed for months or even years. Everything from diagnostic codes, billing information and policy credentials may be contained in a health IT portfolio, and from there, data can be sold, used to purchase drugs or even falsify insurance claims.
Prioritizing digital platforms that have robust security measures needs to be a priority among providers. This means opting for solutions that are double-encrypted and have limits on when and how data can be downloaded externally. Importantly, connectivity measures must come with high levels of interoperability. If two online systems can’t effectively share patient data, information can become manipulated, lost or vulnerable to outside threats.
Providers must also work with staff to reinforce the risks that come with using a smartphone or being negligent about privacy. Identifying new workflow efficiencies, for example, can take pressure off of a physician and minimize errors or mistakes.