Healthcare Data: Not as Secure as You Think

Federal law in many countries, including the United States, protects personal healthcare data. In fact, you can’t even get access to a family member’s healthcare data without that family member’s written permission. Unfortunately, those limitations do not apply to hackers who frequently take what they want without permission—and if they don’t get caught, without any repercussions.

The State of Healthcare Data Protection

A recent survey has raised concerns. According to the study, the great majority (76%) of medical facilities felt their online security was sufficient to protect patient data. The facts were quite different. Consider some disturbing stats:

• Only about 3 in 5 facilities even bothered to encrypt their email.
• Less than half of facilities encrypted network-shared files.
• Only about 1 in 3 pieces of encrypted data was stored online in the cloud.

Facilities claim that data protection is important, and that loss of data is high on the list of security concerns. However, at the same time, many facilities are cutting IT budgets, making it tougher for IT professionals to keep data safe.

How to Protect Your Practice

Protecting your health practice comes down to good technology habits. Your employees need to be trained to use secure passwords, to avoid shady Internet sites (pirating sites, pornography, etc.) while on company devices, and to be careful about clicking on links in emails. Besides that, however, a good IT team is important for ensuring that data is encrypted when it needs to be. At least then, hackers only get gibberish if they get into the system.

For most medical facilities, this means hiring an outside firm. Consultants who come in only when you need them are often a much more cost-efficient solution for a facility, versus having a full-time in-house IT department. In a world where medical practices often have to cut their IT budget, using outside consultants is a great way to make sure that their budget is stretched as far as possible. After all, most medical facilities do not require tech support on a daily basis. Good practices, like firewalls and encryption, only need to be maintained from time to time in order to increase healthcare data security significantly.