Top 5 HIPAA Security Risks As Providers Migrate To The Cloud

HIPAA Security Risks

The HIPAA and HITECH Acts made a huge splash in the healthcare industry as organizations were forced to adapt new safeguards for protected health information, especially in regards to electronic medical records (EMRs). As hospitals migrate to electronic patient health information (ePHI), they must maintain compliance whether they use in-house servers or cloud hosting solutions.

With organizations required to report breaches affecting 500 or more patients since the final compliance date of 2006, there’s been some time to collect data. Based on the official breach reports from 2009 to mid-April 2013, here are the top 5 security risks for healthcare IT professionals as they make the switch to EMRs:

1) Theft of Laptops or Portable Devices

Despite the focus on ePHI, firewalls, encryption and other methods of thwarting e-thieves, by far the most likely breach to occur is the simple theft of equipment itself, and the easiest and most valuable item for a thief to steal is a laptop computer or smart phone. 44% of all breaches are from laptops, and 51% of all breaches are theft.

That’s not a reason to abandon the use of mobile computers by doctors and other healthcare professionals; in fact, laptop thieves are probably only interested in wiping the hard drive and selling the stolen item as fast as possible. But it does mean hospitals and practices should keep a close eye on their mobile equipment through user logins, inventoried devices, and, if possible, software that allows a stolen laptop to be located.

2) Paper Files

Another surprising piece of data reveals that paper breaches are more common than any electronic breach with the exception of laptops; nearly a quarter of all breaches are paper related. Paper breaches are most likely to occur from unauthorized access, loss, or a combination. The best solution to paper problems? Migrating to an EMR system where it is easier to keep an eye on who is accessing information and where files are more difficult to misplace.

3) Unauthorized Access/Disclosure from Devices or Paper Files

Unsurprisingly, after paper files, mobile devices, laptops and computers come next. These breaches can come anywhere, from a doctor telling a non-related individual about a patient case to an unauthorized individual reading a hallway terminal. This should be a major concern for managers because it really comes down to hiring and training good people.

Instilling the importance of patient privacy in staff is necessary to curb unauthorized access. Proper protocols for computer use (think logging off public terminals) and the placement of mobile computing devices away from prying eyes can both reduce the amount of breaches. Electronic security methods can help stop

unauthorized access, whether that means frequent changing of user passwords or the latest encryption and firewalls.

4) Loss of Paper Files or Devices

Perhaps the most difficult breach source to defend against, loss makes up 11% of all compromised PHI. Whether it’s paper files or mobile devices (it is difficult to lose an entire computer or network server), sometimes things just seem to disappear. However, some of the methods mentioned above could reduce loss, such as tracking all organization-owned devices and, of course, employee training.

5) Hacking/IT Incidents

Finally, we reach the dreaded scourge of healthcare IT: hacking and IT breaches. They just barely make the top 5 sources (if we discount “combination”), with this category representing only 6.3% of all breaches. Hacking or IT incidents can occur to computers, mobile devices or network servers, and the best way to defend against them is proper digital security.

The single biggest step an organization can take in maintaining HIPAA compliance and the integrity of ePHI is creating a step-by-step plan for the handling of patient information and training staff thoroughly on its usage. Working with a HIPAA compliant infrastructure provider can help IT departments create a confident strategy. Every bad egg can’t be eliminated—there will always be somebody who is willing to share information they shouldn’t  as well as people making honest mistakes—but with proper planning and modern technology, breaches can be minimized, reducing the risk to healthcare providers throughout the country.

By Joe Kozlowicz

Green House Data delivers high-availability cloud hosting and colocation services with 24/7 live service. Our SSAE 16 Type II and HIPAA compliant data centers are 40% more efficient than the competition and powered by 100% renewable energy. For more information visit www.greenhousedata.com

Frank Suglia
Managing Data Sprawl Over the last two years, our world experienced a dramatic acceleration of digital transformation. The COVID-19 pandemic upended normal operations for many businesses and shifted the pace of technology adoption into warp ...
Gilad David Maayan
Cloud Security Posture Management Cloud Security Posture Management (CSPM) enables you to secure cloud data and resources. You can integrate CSPM into your development process, to ensure continuous visibility. CSPM is particularly beneficial for DevOps ...
Mitigation Security
Data scraping solutions When people hear the term data scraping, their first thought is often about how companies use this technology for competitive reasons – specifically to pull publicly-available data from millions of websites in ...
Jonathan Custance
IoT and cloud computing are on the increase High-profile cybersecurity breaches are increasingly in the news, a prime example being the NHS incident of May 2017 when services were brought to a standstill for several ...
Gilad David Maayan
What is Open Source Security? Open source software is now an inseparable part of most software projects. Research has estimated that as much as 90% of enterprise software is made up of open source components ...

INVESTMENT CLOUD

  • mint

    MINT

    Mint allows you to see your entire financial situation all on one screen; credit cards, savings, ISAs. investments, budgets, insurance, everything you can imagine. Mint updates and analyzes your information in real time, making judgements and suggestions on savings accounts and credit offers available. 

  • WeathFront

    WEALTHFRONT

    Wealthfront helps you invest for the long-term while introducing customizable features that are perfect just for you. They also present several Investment options that suit your interest. Asides from this, the Wealthfront software helps balance your portfolio and minimize taxes across your various investments.

  • MoneyBox

    MONEYBOX

    Moneybox is a very simple little app that helps you to save little by little. Bank level encryption protects your savings and information and the money you save can be invested in several different ways, through cash, global shares, or property shares.

  • Betterment

    Betterment

    Betterment is an online investment service aimed at maximizing investment returns, using a combination of smart automation to help invest excess cash and analyze your entire financial situation and an expert team of financial advisors and investors.