Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

HIPAA Security Risks

The HIPAA and HITECH Acts made a huge splash in the healthcare industry as organizations were forced to adapt new safeguards for protected health information, especially in regards to electronic medical records (EMRs). As hospitals migrate to electronic patient health information (ePHI), they must maintain compliance whether they use in-house servers or cloud hosting solutions.

With organizations required to report breaches affecting 500 or more patients since the final compliance date of 2006, there’s been some time to collect data. Based on the official breach reports from 2009 to mid-April 2013, here are the top 5 security risks for healthcare IT professionals as they make the switch to EMRs:

1) Theft of Laptops or Portable Devices

Despite the focus on ePHI, firewalls, encryption and other methods of thwarting e-thieves, by far the most likely breach to occur is the simple theft of equipment itself, and the easiest and most valuable item for a thief to steal is a laptop computer or smart phone. 44% of all breaches are from laptops, and 51% of all breaches are theft.

That’s not a reason to abandon the use of mobile computers by doctors and other healthcare professionals; in fact, laptop thieves are probably only interested in wiping the hard drive and selling the stolen item as fast as possible. But it does mean hospitals and practices should keep a close eye on their mobile equipment through user logins, inventoried devices, and, if possible, software that allows a stolen laptop to be located.

2) Paper Files

Another surprising piece of data reveals that paper breaches are more common than any electronic breach with the exception of laptops; nearly a quarter of all breaches are paper related. Paper breaches are most likely to occur from unauthorized access, loss, or a combination. The best solution to paper problems? Migrating to an EMR system where it is easier to keep an eye on who is accessing information and where files are more difficult to misplace.

3) Unauthorized Access/Disclosure from Devices or Paper Files

Unsurprisingly, after paper files, mobile devices, laptops and computers come next. These breaches can come anywhere, from a doctor telling a non-related individual about a patient case to an unauthorized individual reading a hallway terminal. This should be a major concern for managers because it really comes down to hiring and training good people.

Instilling the importance of patient privacy in staff is necessary to curb unauthorized access. Proper protocols for computer use (think logging off public terminals) and the placement of mobile computing devices away from prying eyes can both reduce the amount of breaches. Electronic security methods can help stop

unauthorized access, whether that means frequent changing of user passwords or the latest encryption and firewalls.

4) Loss of Paper Files or Devices

Perhaps the most difficult breach source to defend against, loss makes up 11% of all compromised PHI. Whether it’s paper files or mobile devices (it is difficult to lose an entire computer or network server), sometimes things just seem to disappear. However, some of the methods mentioned above could reduce loss, such as tracking all organization-owned devices and, of course, employee training.

5) Hacking/IT Incidents

Finally, we reach the dreaded scourge of healthcare IT: hacking and IT breaches. They just barely make the top 5 sources (if we discount “combination”), with this category representing only 6.3% of all breaches. Hacking or IT incidents can occur to computers, mobile devices or network servers, and the best way to defend against them is proper digital security.

The single biggest step an organization can take in maintaining HIPAA compliance and the integrity of ePHI is creating a step-by-step plan for the handling of patient information and training staff thoroughly on its usage. Working with a HIPAA compliant infrastructure provider can help IT departments create a confident strategy. Every bad egg can’t be eliminated—there will always be somebody who is willing to share information they shouldn’t  as well as people making honest mistakes—but with proper planning and modern technology, breaches can be minimized, reducing the risk to healthcare providers throughout the country.

By Joe Kozlowicz

Green House Data delivers high-availability cloud hosting and colocation services with 24/7 live service. Our SSAE 16 Type II and HIPAA compliant data centers are 40% more efficient than the competition and powered by 100% renewable energy. For more information visit www.greenhousedata.com

Gary Bernstein
AI-powered identity verification Even if you don’t want to admit it, doing business online in today’s environment poses a greater risk. Criminals are constantly on the lookout for vulnerabilities to exploit, including hacking, data breaches, ...
Ronald van Loon
In 2030, AI will likely contribute around $15.7 trillion to the global economy. Organizations that invest significantly in AI and leverage practices that accelerate and scale AI development have been shown to gain the highest ROI from AI ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Ron Cadwell
Net Zero Emissions Designs Sustainability has become an increasingly frequent topic of discussion for data center operators, with many pledging to be carbon-free as soon as 2030. But are these commitments a response to the ...
Tiago Ramalho
More equitable future for food distribution with AI At best, only 70% of food gets used in the United States. The rest goes to waste. Although devastating, the good news is this massive waste of ...

Get Smarter

Whether you're just starting out in the online industry or looking to take your skills to the next level, Get Smarter eLearning platform is the perfect choice for you. Sign up today and start your journey towards online success!

Use code LEARN15 to enjoy 15% off all courses.