IBM News

IBM Cloud Pak for Data 2.5: Bringing open source to the core

It’s been an exciting time for IBM. We recently made the biggest software acquisition in history. Very rarely have I seen any big organization move so quickly and decisively to embrace open source and build a prescriptive methodology to modernize IT workloads. A key part of
/
How the wheels came off Facebook's Libra project

How the wheels came off Facebook’s Libra project

Support for Mark Zuckerberg mission to reshape global finance is slipping away slowly but surely When Facebook announced plans to launch a digital currency earlier this summer, it added a full-blown revolution in global finance to its typically-vaulting Silicon Valley mission statement: to create a
/
Hippa Security Risks

Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

HIPAA Security Risks

The HIPAA and HITECH Acts made a huge splash in the healthcare industry as organizations were forced to adapt new safeguards for protected health information, especially in regards to electronic medical records (EMRs). As hospitals migrate to electronic patient health information (ePHI), they must maintain compliance whether they use in-house servers or cloud hosting solutions.

With organizations required to report breaches affecting 500 or more patients since the final compliance date of 2006, there’s been some time to collect data. Based on the official breach reports from 2009 to mid-April 2013, here are the top 5 security risks for healthcare IT professionals as they make the switch to EMRs:

1) Theft of Laptops or Portable Devices

Despite the focus on ePHI, firewalls, encryption and other methods of thwarting e-thieves, by far the most likely breach to occur is the simple theft of equipment itself, and the easiest and most valuable item for a thief to steal is a laptop computer or smart phone. 44% of all breaches are from laptops, and 51% of all breaches are theft.

That’s not a reason to abandon the use of mobile computers by doctors and other healthcare professionals; in fact, laptop thieves are probably only interested in wiping the hard drive and selling the stolen item as fast as possible. But it does mean hospitals and practices should keep a close eye on their mobile equipment through user logins, inventoried devices, and, if possible, software that allows a stolen laptop to be located.

2) Paper Files

Another surprising piece of data reveals that paper breaches are more common than any electronic breach with the exception of laptops; nearly a quarter of all breaches are paper related. Paper breaches are most likely to occur from unauthorized access, loss, or a combination. The best solution to paper problems? Migrating to an EMR system where it is easier to keep an eye on who is accessing information and where files are more difficult to misplace.

3) Unauthorized Access/Disclosure from Devices or Paper Files

Unsurprisingly, after paper files, mobile devices, laptops and computers come next. These breaches can come anywhere, from a doctor telling a non-related individual about a patient case to an unauthorized individual reading a hallway terminal. This should be a major concern for managers because it really comes down to hiring and training good people.

Instilling the importance of patient privacy in staff is necessary to curb unauthorized access. Proper protocols for computer use (think logging off public terminals) and the placement of mobile computing devices away from prying eyes can both reduce the amount of breaches. Electronic security methods can help stop

unauthorized access, whether that means frequent changing of user passwords or the latest encryption and firewalls.

4) Loss of Paper Files or Devices

Perhaps the most difficult breach source to defend against, loss makes up 11% of all compromised PHI. Whether it’s paper files or mobile devices (it is difficult to lose an entire computer or network server), sometimes things just seem to disappear. However, some of the methods mentioned above could reduce loss, such as tracking all organization-owned devices and, of course, employee training.

5) Hacking/IT Incidents

Finally, we reach the dreaded scourge of healthcare IT: hacking and IT breaches. They just barely make the top 5 sources (if we discount “combination”), with this category representing only 6.3% of all breaches. Hacking or IT incidents can occur to computers, mobile devices or network servers, and the best way to defend against them is proper digital security.

The single biggest step an organization can take in maintaining HIPAA compliance and the integrity of ePHI is creating a step-by-step plan for the handling of patient information and training staff thoroughly on its usage. Working with a HIPAA compliant infrastructure provider can help IT departments create a confident strategy. Every bad egg can’t be eliminated—there will always be somebody who is willing to share information they shouldn’t  as well as people making honest mistakes—but with proper planning and modern technology, breaches can be minimized, reducing the risk to healthcare providers throughout the country.

By Joe Kozlowicz

Green House Data delivers high-availability cloud hosting and colocation services with 24/7 live service. Our SSAE 16 Type II and HIPAA compliant data centers are 40% more efficient than the competition and powered by 100% renewable energy. For more information visit www.greenhousedata.com

CloudTweaks Contributor
Leading Cloud Source Since 2009
Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services. Contact us for ways on how to contribute and support our dedicated cloud community.
follow me
The Massive Growth of the IoT Services Market

The Massive Growth of the IoT Services Market

Growth of the IoT Services While the Internet of Things has become a popular concept among tech crowds, the consumer IoT remains fragmented. Top companies ...
Daren Glenister

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent of organizations store sensitive information ...
BI Data

The Rise Of BI Data And How To Use It Effectively

The Rise of BI Data Every few years, a new concept or technological development is introduced that drastically improves the business world as a whole ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems are essential to life in ...
Sekhar Sarukkai

A Closer Look at Insider Threats and Sensitive Data in the Cloud

Sensitive Data in the Cloud A recent survey report conducted by the Cloud Security Alliance (CSA) revealed that  sensitive data in the cloud had reached ...
It Programs Compressor