Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

Top 5 HIPAA Security Risks

The HIPAA and HITECH Acts made a huge splash in the healthcare industry as organizations were forced to adapt new safeguards for protected health information, especially in regards to electronic medical records (EMRs). As hospitals migrate to electronic patient health information (ePHI), they must maintain compliance whether they use in-house servers or cloud hosting solutions.

With organizations required to report breaches affecting 500 or more patients since the final compliance date of 2006, there’s been some time to collect data. Based on the official breach reports from 2009 to mid-April 2013, here are the top 5 security risks for healthcare IT professionals as they make the switch to EMRs:

1) Theft of Laptops or Portable Devicestype-of-HIPAA_breach (1)

Despite the focus on ePHI, firewalls, encryption and other methods of thwarting e-thieves, by far the most likely breach to occur is the simple theft of equipment itself, and the easiest and most valuable item for a thief to steal is a laptop computer or smart phone. 44% of all breaches are from laptops, and 51% of all breaches are theft.

That’s not a reason to abandon the use of mobile computers by doctors and other healthcare professionals; in fact, laptop thieves are probably only interested in wiping the hard drive and selling the stolen item as fast as possible. But it does mean hospitals and practices should keep a close eye on their mobile equipment through user logins, inventoried devices, and, if possible, software that allows a stolen laptop to be located.

2) Paper Files

Another surprising piece of data reveals that paper breaches are more common than any electronic breach with the exception of laptops; nearly a quarter of all breaches are paper related. Paper breaches are most likely to occur from unauthorized access, loss, or a combination. The best solution to paper problems? Migrating to an EMR system where it is easier to keep an eye on who is accessing information and where files are more difficult to misplace.

3) Unauthorized Access/Disclosure from Devices or Paper Files

Unsurprisingly, after paper files, mobile devices, laptops and computers come next. These breaches can come anywhere, from a doctor telling a non-related individual about a patient case to an unauthorized individual reading a hallway terminal. This should be a major concern for managers because it really comes down to hiring and training good people.

Instilling the importance of patient privacy in staff is necessary to curb unauthorized access. Proper protocols for computer use (think logging off public terminals) and the placement of mobile computing devices away from prying eyes can both reduce the amount of breaches. Electronic security methods can help stop

unauthorized access, whether that means frequent changing of user passwords or the latest encryption and firewalls.

4) Loss of Paper Files or Devices

Perhaps the most difficult breach source to defend against, loss makes up 11% of all compromised PHI. Whether it’s paper files or mobile devices (it is difficult to lose an entire computer or network server), sometimes things just seem to disappear. However, some of the methods mentioned above could reduce loss, such as tracking all organization-owned devices and, of course, employee training.

5) Hacking/IT Incidents

Finally, we reach the dreaded scourge of healthcare IT: hacking and IT breaches. They just barely make the top 5 sources (if we discount “combination”), with this category representing only 6.3% of all breaches. Hacking or IT incidents can occur to computers, mobile devices or network servers, and the best way to defend against them is proper digital security.

The single biggest step an organization can take in maintaining HIPAA compliance and the integrity of ePHI is creating a step-by-step plan for the handling of patient information and training staff thoroughly on its usage. Working with a HIPAA compliant infrastructure provider can help IT departments create a confident strategy. Every bad egg can’t be eliminated—there will always be somebody who is willing to share information they shouldn’t  as well as people making honest mistakes—but with proper planning and modern technology, breaches can be minimized, reducing the risk to healthcare providers throughout the country.

By Joe Kozlowicz

Green House Data delivers high-availability cloud hosting and colocation services with 24/7 live service. Our SSAE 16 Type II and HIPAA compliant data centers are 40% more efficient than the competition and powered by 100% renewable energy. For more information visit www.greenhousedata.com

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Comic
Fully Autonomous Cars: How’s It REALLY Going To Work?

Fully Autonomous Cars: How’s It REALLY Going To Work?

Pros and Cons and What the Experts Think Science fiction meets reality, and modern civilization is excitedly looking forward to the ubiquity of self-driving cars. However, an omnipresence of fully autonomous cars won’t happen as quickly as even some hopeful experts anticipate. While the autonomous car pros versus the cons race (See infographic discovered via…

The Lighter Side Of The Cloud – Bottlenecking

The Lighter Side Of The Cloud – Bottlenecking

By David Fletcher Please feel free to share our comics via social media networks such as Twitter, Facebook, LinkedIn, Instagram, Pinterest. Clear attribution (Twitter example: via @cloudtweaks) to our original comic sources is greatly appreciated.

Recent Articles - Posted by
Fintech Systems, Advancements and Investments

Fintech Systems, Advancements and Investments

Fintech Growth According to a recent report, global investment in fintech companies including both venture-backed and non-venture-backed businesses reached $9.4 billion in the second quarter of 2016; investment in venture capital-backed fintech startups, however, fell by 49%. Nevertheless, the Pulse of Fintech, published jointly by KPMG International and CB Insights, suggests venture capital investment in…

How Identity Governance Can Secure The Cloud Enterprise

How Identity Governance Can Secure The Cloud Enterprise

Securing The Cloud Enterprise Cloud adoption is accelerating for most enterprises, and cloud computing is becoming an integral part of enterprise IT and security infrastructure. Based on current adoption trends, it’s clear that the vast majority of new applications purchased by organizations will be SaaS applications. The allure is evident, from cost savings to speed…

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data (And Why You Need To)

How To Humanize Your Data The modern enterprise is digital. It relies on accurate and timely data to support the information and process needs of its workforce and its customers. However, data suffers from a likability crisis. It’s as essential to us as oxygen, but because we don’t see it, we take it for granted.…

Do Not Rely On Passwords To Protect Your Online Information

Do Not Rely On Passwords To Protect Your Online Information

Password Challenges  Simple passwords are no longer safe to use online. John Barco, vice president of Global Product Marketing at ForgeRock, explains why it’s time the industry embraced more advanced identity-centric solutions that improve the customer experience while also providing stronger security. Since the beginning of logins, consumers have used a simple username and password to…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud: Is It Really Worth It?

Cost of the Cloud Cloud computing is more than just another storage tier. Imagine if you’re able to scale up 10x just to handle seasonal volumes or rely on a true disaster-recovery solution without upfront capital. Although the pay-as-you-go pricing model of cloud computing makes it a noticeable expense, it’s the only solution for many…

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Report: Enterprise Cloud Computing Moves Into Mature Growth Phase

Verizon Cloud Report Enterprises using the cloud, even for mission-critical projects, is no longer new or unusual. It’s now firmly established as a reliable workhorse for an organization and one that can deliver great value and drive transformation. That’s according to a new report from Verizon entitled “State of the Market: Enterprise Cloud 2016.” which…

Cloud Infographic – Big Data Analytics Trends

Cloud Infographic – Big Data Analytics Trends

Big Data Analytics Trends As data information and cloud computing continues to work together, the need for data analytics continues to grow. Many tech firms predict that big data volume will grow steadily 40% per year and in 2020, will grow up to 50 times that. This growth will also bring a number of cost…

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

The Future Of Work: What Cloud Technology Has Allowed Us To Do Better

What Cloud Technology Has Allowed Us to Do Better The cloud has made our working lives easier, with everything from virtually unlimited email storage to access-from-anywhere enterprise resource planning (ERP) systems. It’s no wonder the 2013 cloud computing research IDG survey revealed at least 84 percent of the companies surveyed run at least one cloud-based application.…

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud Are Still Going Strong

SaaS And The Cloud With the results of Cisco Global Could Index: 2013-2018 and Hosting and Cloud Study 2014, predictions for the future of cloud computing are notable. Forbes reported that spending on infrastructure-related services has increased as public cloud computing uptake spreads, and reflected on Gartner’s Public Cloud Services Forecast. The public cloud service…

The Future of M2M Technology & Opportunities

The Future of M2M Technology & Opportunities

The Future Of The Emerging M2M Here at CloudTweaks, most of our coverage is centered around the growing number of exciting and interconnected emerging markets. Wearable, IoT, M2M, Mobile and Cloud computing to name a few. Over the past couple of weeks we’ve talked about Machine to Machine (M2M) such as the differences between IoT and…