The Lighter Side Of The Cloud – Cloud Holiday
The Lighter Side Of The Cloud – Falling Behind
The Lighter Side Of The Cloud – Staff Notice Board
The Lighter Side Of The Cloud – Brain Cramp
The Lighter Side Of The Cloud – Dark Clouds
Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

Top 5 HIPAA Security Risks As Providers Migrate to the Cloud

The HIPAA and HITECH Acts made a huge splash in the healthcare industry as organizations were forced to adapt new safeguards for protected health information, especially in regards to electronic medical records (EMRs). As hospitals migrate to electronic patient health information (ePHI), they must maintain compliance whether they use in-house servers or cloud hosting solutions.

With organizations required to report breaches affecting 500 or more patients since the final compliance date of 2006, there’s been some time to collect data. Based on the official breach reports from 2009 to mid-April 2013, here are the top 5 security risks for healthcare IT professionals as they make the switch to EMRs:

1) Theft of Laptops or Portable Devicestype-of-HIPAA_breach (1)

Despite the focus on ePHI, firewalls, encryption and other methods of thwarting e-thieves, by far the most likely breach to occur is the simple theft of equipment itself, and the easiest and most valuable item for a thief to steal is a laptop computer or smart phone. 44% of all breaches are from laptops, and 51% of all breaches are theft.

That’s not a reason to abandon the use of mobile computers by doctors and other healthcare professionals; in fact, laptop thieves are probably only interested in wiping the hard drive and selling the stolen item as fast as possible. But it does mean hospitals and practices should keep a close eye on their mobile equipment through user logins, inventoried devices, and, if possible, software that allows a stolen laptop to be located.

2) Paper Files

Another surprising piece of data reveals that paper breaches are more common than any electronic breach with the exception of laptops; nearly a quarter of all breaches are paper related. Paper breaches are most likely to occur from unauthorized access, loss, or a combination. The best solution to paper problems? Migrating to an EMR system where it is easier to keep an eye on who is accessing information and where files are more difficult to misplace.

3) Unauthorized Access/Disclosure from Devices or Paper Files

Unsurprisingly, after paper files, mobile devices, laptops and computers come next. These breaches can come anywhere, from a doctor telling a non-related individual about a patient case to an unauthorized individual reading a hallway terminal. This should be a major concern for managers because it really comes down to hiring and training good people.

Instilling the importance of patient privacy in staff is necessary to curb unauthorized access. Proper protocols for computer use (think logging off public terminals) and the placement of mobile computing devices away from prying eyes can both reduce the amount of breaches. Electronic security methods can help stop

unauthorized access, whether that means frequent changing of user passwords or the latest encryption and firewalls.

4) Loss of Paper Files or Devices

Perhaps the most difficult breach source to defend against, loss makes up 11% of all compromised PHI. Whether it’s paper files or mobile devices (it is difficult to lose an entire computer or network server), sometimes things just seem to disappear. However, some of the methods mentioned above could reduce loss, such as tracking all organization-owned devices and, of course, employee training.

5) Hacking/IT Incidents

Finally, we reach the dreaded scourge of healthcare IT: hacking and IT breaches. They just barely make the top 5 sources (if we discount “combination”), with this category representing only 6.3% of all breaches. Hacking or IT incidents can occur to computers, mobile devices or network servers, and the best way to defend against them is proper digital security.

The single biggest step an organization can take in maintaining HIPAA compliance and the integrity of ePHI is creating a step-by-step plan for the handling of patient information and training staff thoroughly on its usage. Working with a HIPAA compliant infrastructure provider can help IT departments create a confident strategy. Every bad egg can’t be eliminated—there will always be somebody who is willing to share information they shouldn’t  as well as people making honest mistakes—but with proper planning and modern technology, breaches can be minimized, reducing the risk to healthcare providers throughout the country.

By Joe Kozlowicz

Green House Data delivers high-availability cloud hosting and colocation services with 24/7 live service. Our SSAE 16 Type II and HIPAA compliant data centers are 40% more efficient than the competition and powered by 100% renewable energy. For more information visit www.greenhousedata.com

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

One Response to Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

  1. Very interesting article that outlines the biggest risks when dealing with PHI.  I think a large majority of organizations have trouble understanding the requirements associated with HIPAA compliance.  Especially with the expansion of HIPAA in the new Omnibus Rule that extends specific requirements and liability to Business Associates.  This is why my company, Accountable, is building a platform to help organizations manage their HIPAA compliance easily.  Safeguarding against security risks is only one way to prevent the government from finding your organization to be in HIPAA compliance.
    Kevin Henry, Founder – Accountable
    http://accountablehq.com

Recent

Wearable Tech Jobs Of The Future

Wearable Tech Jobs Of The Future

Wearable Tech Jobs Wearable Technology is a very exciting industry and the sky’s the limit with new possibilities for businesses and consumers. The new technologies will make our lives easier in terms of convenience, while in other ways more complicated due to learning curve of each new product. Lets take a look at wearable tech in…

How M2M Differs From IoT Internet of Things

How M2M Differs From IoT Internet of Things

What Is M2M Machine To Machine? When it comes to communications between machines, the terms Machine to Machine (M2M) and the Internet of Things (IoT) are seemingly similar to each other. In fact, there is a very strong connection between both terms which is why they are often used as the same. However, that is…

Cloud Infographic – Top Vulnerable Applications

Cloud Infographic – Top Vulnerable Applications

Top Vulnerable Applications  As you use the Internet on a daily basis, you probably come across cyber security topics, but rarely glance at them twice. After all, cyber security threats don’t concern you, right? Well, that’s not exactly true. Cyber attacks are more widespread than you can imagine and they may be targeting your devices as…

Popular Archives

Three Factors for Choosing Your Long-term Cloud Strategy

Three Factors for Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

How The Cloud Is Changing Disaster Recovery

How The Cloud Is Changing Disaster Recovery

How the Cloud is Changing Disaster Recovery Anyone who is a regular reader of this site will know about the cloud’s numerous benefits. Using the cloud can provide businesses with cost-effective resource usage, rapid provisioning, easy scalability and flexible elasticity – benefits that simply don’t exist when using local on-site servers and services. One of…

Sponsors

The Many Hats Of Today’s IT Managers

The Many Hats Of Today’s IT Managers

The Many Hats of IT Managers In years past, the IT department of most large organizations was much like a version of Middle Earth: a mysterious nether world where people who seemed infinitely smarter than the rest of us bustled around, speaking and typing languages that appeared indecipherable, yet, which made our world work. They…

Selling Your Business To Your Employees

Selling Your Business To Your Employees

Mobility For Your Employees It may seem a radical notion, the idea of selling your business to the people who work for you, but this is the era in which we now work. Employees of all levels are all incredibly aware of their options when it comes to mobility and employability. This doesn’t mean that…

Established in 2009

CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

CloudTweaks Comic Library

Advertising