Medical Data Online: What Are the Risks?

Sam Bowman

Medical Data in the Cloud

Executive-level healthcare leaders must have a thorough understanding of cloud-based security risks. Patient data can vary from simple information such as height and weight to complex genetic markers that can predict the likelihood of developing conditions like cancer or Alzheimer’s Disease. While some information is more valuable to hackers than others, you need to understand and be prepared to deal with any security breaches that may arise in your facility.

There are myriad benefits and challenges that come with doctors and other healthcare professionals using electronic medical records. Protected health information is often stored in the data cloud and connects multiple organizations and providers to the patient when they need to make care decisions. Many experts believe that sending and storing medical data in the cloud improves the overall delivery system of the healthcare industry. However, it comes with some serious risks for the patient, providers, and even the healthcare facility as a whole.

Medical Data in the Cloud

Understanding the Issue

If you’re in charge of healthcare data or clinicians who create, document, and save this vital information, you need to understand the real value of a patient’s medical record. Hackers are everywhere and continually search for new ways to gain access to personal information. On the black market, a credit card number is sold for about 25 cents, and a single social security number is only worth about 10 cents. However, one entire medical record, which contains demographics, past addresses, employment information, and financial data is worth hundreds or even thousands of dollars to cyber-criminals.

Most facilities know how important it is to securely store physical medical documents and then shred them properly in compliance with HIPAA when the time comes. But because almost all protected healthcare information is electronic these days, clinicians and administrators must be extra prepared to implement processes, identify workarounds, and correct any risks for data breaches they identify. Some hospitals have created solutions such as charting patient details into an Excel spreadsheet at the point of care. This data will be transcribed into the electronic medical record later. This is just a short-term solution to a long-term problem, and it comes with its own set of security risks even when working on encrypted computers or tablets.

Healthcare professionals like doctors, nurse practitioners, and therapists must be aware of the risks and make smart decisions when it comes to patient data stored in the cloud. Organizations such as the American health Information Management Association (AHIMA) has called for standards for content and documentation, continuous quality improvement, and consumer education to bring more awareness to the inherent risks of cloud-based storage of healthcare information. All data is valuable to hackers, but some forms of data pose a greater threat to the lives of the patient if placed in the wrong hands.

Genomics Broadens the Issue

Studying genetic factors has only been around for about a half-century. In the 1990s, the National Institutes of Health and the Department of Energy partnered to sequence a complete set of DNA in the body, commonly known as the Human Genome Project. Today, this research has discovered more than 1,800 disease genes and over 2,000 genetic tests for human conditions. The advancements in human genetics are impressive. However, cloud storage is improving the sequencing of human DNA by providing access to large data sets, reducing the cost of predictive genomics, and increasing the quality of research.

The dangers of storing genetic data on the cloud are just as palpable as the advancements. DNA stored on the cloud is de-identified, but this may not be a fool-proof way to keep information secure. Large quantities of genetic information are uploaded daily, creating an increased risk of identity theft and even leaving some people vulnerable to discrimination by insurers and employers, if the wrong people obtained their genetic information. These risks have created a significant need for well-trained IT personnel with degrees in cybersecurity.

Looking for a Solution

As an executive-level administrator, you need to determine how you will respond when you’re facility or agency is hit with disastrous consequences of storing health-related data on the cloud. One way of planning for both human-made or natural disasters that could leave your data vulnerable is by developing a business disaster recovery plan that will protect your consumer’s information.

Developing a plan for health data must include details such as education for all staff members on phishing scams and other methods hackers use to access data. You may even want to consider using a traditional backup, such as a physical server onsite for data storage of critical information.

Along with your plan, make sure to research every vendor you use before you purchase any technology, hardware, or software. Ask the vendor about their encryption and be sure your browser and any apps you use are encrypted before uploading and downloading data. If your cloud-based storage is hacked, know your plan for addressing the breach. Include details such as notifying any Government or regulatory agencies, patients, and how to address public scrutiny. Being prepared for any data-breach is at least half the battle of helping your institution survive any legal and financial backlash that might happen.

Keeping Your Institution’s and Consumer’s Information Safe

Healthcare administrators must be more tech-savvy today than ever before. Whether your institution uses an electronic health record for patient documentation or you’re involved in research that utilizes big data to improve the care of patients, you must be in-the-know about your responsibilities and risks at all times. Use this information to create a plan to keep your facility’s data secure and out of the hands of hackers.

By Sam Bowman

Episode 6: Cloud Migration: Why It’s More Important Than Ever

The Importance of Cloud Migration Moving fully to the cloud is still a concern for ...

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...

Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study

An interview with Johan Christenson, CEO of CityNetwork With the world focusing on the big ...
Torsten

Five Ways to Secure Access to Web Workloads

Secure Access to Cloud Workloads Organizations are increasingly moving their workloads to the cloud to achieve greater agility, flexibility, and cost savings. That’s a major ...
Mark Barrenechea

Introducing the Information Advantage

Technology. Information. Disruption. The world is moving faster than ever before at unprecedented scale. Businesses today are operating in the next industrial revolution, and the ...
Human Resources

Web Optimization Could Transform Your Organization – A Cost Containment Strategy

A Cost Containment Strategy With more and more resources available in the cloud, it’s easy to lose track of your costs and handicap the whole ...
Kokumai

Identity Assurance – Sufficient and Necessary Conditions

Identity Assurance It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is ...
David Friend

Tech Evolution – Why Multi-Cloud Will Win

Why Multi-Cloud Will Win When I was growing up in the 1970’s, IBM ruled the roost in corporate data centers. If you walked into a ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is ...
Hamza Seqqat

The Benefits of Virtualizing SD-WAN and Security

Benefits of Virtualizing SD-WAN As more companies adopt SD-WAN technology to enhance the agility of their networking architecture, they must give strong consideration to how ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses ...
Or Lenchner

Destination IPPN: why the travel sector must harness a global IP proxy network

Destination IPPN While massive growth in the travel sector has been predicted, the digital environment has also massively upped competition amongst service providers, keen to ...
Yuri Sagalov

IT Culture Clash Where Employees Use Multiple Devices To Collaborate

Employees use multiple devices to collaborate It used to be that company IT decision makers could simply dictate the software that business units would use ...