Medical Data Online: What Are the Risks?

Medical Data in the Cloud

Executive-level healthcare leaders must have a thorough understanding of cloud-based security risks. Patient data can vary from simple information such as height and weight to complex genetic markers that can predict the likelihood of developing conditions like cancer or Alzheimer’s Disease. While some information is more valuable to hackers than others, you need to understand and be prepared to deal with any security breaches that may arise in your facility.

There are myriad benefits and challenges that come with doctors and other healthcare professionals using electronic medical records. Protected health information is often stored in the data cloud and connects multiple organizations and providers to the patient when they need to make care decisions. Many experts believe that sending and storing medical data in the cloud improves the overall delivery system of the healthcare industry. However, it comes with some serious risks for the patient, providers, and even the healthcare facility as a whole.

Medical Data in the Cloud

Understanding the Issue

If you’re in charge of healthcare data or clinicians who create, document, and save this vital information, you need to understand the real value of a patient’s medical record. Hackers are everywhere and continually search for new ways to gain access to personal information. On the black market, a credit card number is sold for about 25 cents, and a single social security number is only worth about 10 cents. However, one entire medical record, which contains demographics, past addresses, employment information, and financial data is worth hundreds or even thousands of dollars to cyber-criminals.

Most facilities know how important it is to securely store physical medical documents and then shred them properly in compliance with HIPAA when the time comes. But because almost all protected healthcare information is electronic these days, clinicians and administrators must be extra prepared to implement processes, identify workarounds, and correct any risks for data breaches they identify. Some hospitals have created solutions such as charting patient details into an Excel spreadsheet at the point of care. This data will be transcribed into the electronic medical record later. This is just a short-term solution to a long-term problem, and it comes with its own set of security risks even when working on encrypted computers or tablets.

Healthcare professionals like doctors, nurse practitioners, and therapists must be aware of the risks and make smart decisions when it comes to patient data stored in the cloud. Organizations such as the American health Information Management Association (AHIMA) has called for standards for content and documentation, continuous quality improvement, and consumer education to bring more awareness to the inherent risks of cloud-based storage of healthcare information. All data is valuable to hackers, but some forms of data pose a greater threat to the lives of the patient if placed in the wrong hands.

Genomics Broadens the Issue

Studying genetic factors has only been around for about a half-century. In the 1990s, the National Institutes of Health and the Department of Energy partnered to sequence a complete set of DNA in the body, commonly known as the Human Genome Project. Today, this research has discovered more than 1,800 disease genes and over 2,000 genetic tests for human conditions. The advancements in human genetics are impressive. However, cloud storage is improving the sequencing of human DNA by providing access to large data sets, reducing the cost of predictive genomics, and increasing the quality of research.

The dangers of storing genetic data on the cloud are just as palpable as the advancements. DNA stored on the cloud is de-identified, but this may not be a fool-proof way to keep information secure. Large quantities of genetic information are uploaded daily, creating an increased risk of identity theft and even leaving some people vulnerable to discrimination by insurers and employers, if the wrong people obtained their genetic information. These risks have created a significant need for well-trained IT personnel with degrees in cybersecurity.

Looking for a Solution

As an executive-level administrator, you need to determine how you will respond when you’re facility or agency is hit with disastrous consequences of storing health-related data on the cloud. One way of planning for both human-made or natural disasters that could leave your data vulnerable is by developing a business disaster recovery plan that will protect your consumer’s information.

Developing a plan for health data must include details such as education for all staff members on phishing scams and other methods hackers use to access data. You may even want to consider using a traditional backup, such as a physical server onsite for data storage of critical information.

Along with your plan, make sure to research every vendor you use before you purchase any technology, hardware, or software. Ask the vendor about their encryption and be sure your browser and any apps you use are encrypted before uploading and downloading data. If your cloud-based storage is hacked, know your plan for addressing the breach. Include details such as notifying any Government or regulatory agencies, patients, and how to address public scrutiny. Being prepared for any data-breach is at least half the battle of helping your institution survive any legal and financial backlash that might happen.

Keeping Your Institution’s and Consumer’s Information Safe

Healthcare administrators must be more tech-savvy today than ever before. Whether your institution uses an electronic health record for patient documentation or you’re involved in research that utilizes big data to improve the care of patients, you must be in-the-know about your responsibilities and risks at all times. Use this information to create a plan to keep your facility’s data secure and out of the hands of hackers.

By Sam Bowman

Cloud Image Migration
Effective Cloud Migration Monitoring The global pandemic witnessed the digital transformation of businesses in the cloud.  Today, even as the world resumes to normal, the end-to-end innovation in business strategies has kept the momentum going ...
Bitcoin electricity
Bitcoin Heating? Bitcoin mining or cryptocurrency mining has been widely vilified for it’s environmental impact. Why it does draw a huge amount of energy, more and more of it is coming from renewable sources and ...
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Rakesh Soni
Businesses now see the cloud as a standard, and they are always on a hunt for ways to leverage the cloud to its full potential. And if enterprises need to be competitive in the ever-expanding ...
Louis
Real-time Enterprise Software Data Enterprise software startups are capitalizing on real-time data to continually improve revenue, costs, cash flow, marketing, and sales as their business grows. The majority of software startup CEOs spoken with have ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.