Medical Data in the Cloud
Executive-level healthcare leaders must have a thorough understanding of cloud-based security risks. Patient data can vary from simple information such as height and weight to complex genetic markers that can predict the likelihood of developing conditions like cancer or Alzheimer’s Disease. While some information is more valuable to hackers than others, you need to understand and be prepared to deal with any security breaches that may arise in your facility.
There are myriad benefits and challenges that come with doctors and other healthcare professionals using electronic medical records. Protected health information is often stored in the data cloud and connects multiple organizations and providers to the patient when they need to make care decisions. Many experts believe that sending and storing medical data in the cloud improves the overall delivery system of the healthcare industry. However, it comes with some serious risks for the patient, providers, and even the healthcare facility as a whole.
Understanding the Issue
If you’re in charge of healthcare data or clinicians who create, document, and save this vital information, you need to understand the real value of a patient’s medical record. Hackers are everywhere and continually search for new ways to gain access to personal information. On the black market, a credit card number is sold for about 25 cents, and a single social security number is only worth about 10 cents. However, one entire medical record, which contains demographics, past addresses, employment information, and financial data is worth hundreds or even thousands of dollars to cyber-criminals.
Most facilities know how important it is to securely store physical medical documents and then shred them properly in compliance with HIPAA when the time comes. But because almost all protected healthcare information is electronic these days, clinicians and administrators must be extra prepared to implement processes, identify workarounds, and correct any risks for data breaches they identify. Some hospitals have created solutions such as charting patient details into an Excel spreadsheet at the point of care. This data will be transcribed into the electronic medical record later. This is just a short-term solution to a long-term problem, and it comes with its own set of security risks even when working on encrypted computers or tablets.
Healthcare professionals like doctors, nurse practitioners, and therapists must be aware of the risks and make smart decisions when it comes to patient data stored in the cloud. Organizations such as the American Health Information Management Association (AHIMA) has called for standards for content and documentation, continuous quality improvement, and consumer education to bring more awareness to the inherent risks of cloud-based storage of healthcare information. All data is valuable to hackers, but some forms of data pose a greater threat to the lives of the patient if placed in the wrong hands.
Genomics Broadens the Issue
Studying genetic factors has only been around for about a half-century. In the 1990s, the National Institutes of Health and the Department of Energy partnered to sequence a complete set of DNA in the body, commonly known as the Human Genome Project. Today, this research has discovered more than 1,800 disease genes and over 2,000 genetic tests for human conditions. The advancements in human genetics are impressive. However, cloud storage is improving the sequencing of human DNA by providing access to large data sets, reducing the cost of predictive genomics, and increasing the quality of research.
The dangers of storing genetic data on the cloud are just as palpable as the advancements. DNA stored on the cloud is de-identified, but this may not be a fool-proof way to keep information secure. Large quantities of genetic information are uploaded daily, creating an increased risk of identity theft and even leaving some people vulnerable to discrimination by insurers and employers, if the wrong people obtained their genetic information. These risks have created a significant need for well-trained IT personnel with degrees in cybersecurity.
Looking for a Solution
As an executive-level administrator, you need to determine how you will respond when you’re facility or agency is hit with disastrous consequences of storing health-related data on the cloud. One way of planning for both human-made or natural disasters that could leave your data vulnerable is by developing a business disaster recovery plan that will protect your consumer’s information.
Developing a plan for health data must include details such as education for all staff members on phishing scams and other methods hackers use to access data. You may even want to consider using a traditional backup, such as a physical server onsite for data storage of critical information.
Along with your plan, make sure to research every vendor you use before you purchase any technology, hardware, or software. Ask the vendor about their encryption and be sure your browser and any apps you use are encrypted before uploading and downloading data. If your cloud-based storage is hacked, know your plan for addressing the breach. Include details such as notifying any government or regulatory agencies, patients, and how to address public scrutiny. Being prepared for any data-breach is at least half the battle of helping your institution survive any legal and financial backlash that might happen.
Keeping Your Institution’s and Consumer’s Information Safe
Healthcare administrators must be more tech-savvy today than ever before. Whether your institution uses an electronic health record for patient documentation or you’re involved in research that utilizes big data to improve the care of patients, you must be in-the-know about your responsibilities and risks at all times. Use this information to create a plan to keep your facility’s data secure and out of the hands of hackers.
By Sam Bowman