Security Policies to Follow to Protect Patient Data

Home > Electronic Health Record > Security Policies to Follow to Protect Patient Data

Perhaps the largest concern regarding the digitalization of patient information is data security. Made available using health information exchanges (HIEs) and databases, information is left considerably more vulnerable. The Ponemon Institute is an establishment, known for conducting research regarding the privacy and security of data. The research is meant to aid organizations in expanding their defensive initiatives. Their Fourth Annual Benchmark Study on Patient Privacy and Data Security surveyed healthcare networks, hospitals, and clinics, and was released on March 12th, 2014.

The survey showed:

  • The number of organizations with more than five data breaches has decreased.
  • The cost of data breaches decreased by close to $400,000 as compared to the previous year.
  • 70% of organizations believe that insecure websites, databases, etc. are the reason that healthcare reform seems risky.
  • 33% of healthcare organizations are uninterested in joining HIEs due to the potential risk to patient information.
  • 75% of organizations consider employee negligence to be at the root of the problem.
  • There has been a 100% increase in attacks on healthcare information systems since 2010.

Organizations are primarily apprehensive about insecure information exchange across technology. 90% of all healthcare organizations experienced a minimum of one data breach in the last 2 years and 35% reported more than 5 breaches. Although there has been a decrease in breaches from the previous year (45%), it’s still an issue that must be attended to.

A 2013 article by Bill Kleyman on HealthITSecurity.com explains how following a few basic security policies can allay these concerns:

  1. Enforcing policies: Though many security policies are in place, they may not always be strongly enforced. Weak passwords or insecure USB ports can lead to data breaches.
  2. Physical security: Digital security isn’t the only concern. If someone were to steal a backup disk, a data breach has occurred. Though physical barriers may be expensive, their protection of patient data will be a good investment.
  3. Next-generation security: Technology such as firewalls and intrusion detection systems (IDS) could be key to minimizing data breaches.
  4. Locking down the endpoint: Data is no longer confined to desktop computers and laptops. Information can now be accessed through mobile devices such as cell phones and computers. Therefore, steps must be taken to ensure that these devices don’t increase security risks.

Author: Apoorva Anupindi

4 thoughts on “Security Policies to Follow to Protect Patient Data

  1. It’s good to be reminded that updates in technology also require updates in security. These basic security policies need to be implemented in order to protect patient information.

  2. Identity security is something every person should be concerned with. Your personal information needs to be secure and this includes Healthcare Data. Remember, health data does not just include health conditions, but insurance information as well. Thank you PrognoCIS for taking interest in patient data security.

  3. Patient health info/data security is an adamant tool to have. When you have access to all of your personal health information, and you are able to exchange data via message through an EMR to your physician, that private conversation or dialogue is just as sensitive and stone-wall protected, as if you are physically in your doctor’s office. It is good to know that the PrognoCIS EMR offers this secure form of protection throughout their EMR.

  4. If the rewards of stealing health data are great enough, then theoretically there is always a way around whatever security defenses have been put in place. However, by having a secure, certified EMR system such as PrognoCIS and by following diligently the above listed policies, one can begin to make it un-economical for the would be data thief and they will go look somewhere else, where the defenses are weaker.

Leave a Reply