Technology poses a constant dilemma.
On one hand, it makes our lives easier and, in many cases, more efficient. However, it also leaves those who don’t understand or respect data security vulnerable to thieves, and the healthcare industry is a place where this reality rings especially true.
Believe it or not, healthcare data security laws have been on the books for quite a while. But what’s a law without enforcement? As a consequence of the Affordable Care Act, the government is now enforcing the data security laws, and major fines are being levied against noncompliant organizations.
Take the Hospice of North Idaho, for example. When one of its laptops carrying the health information of 441 patients was stolen, it cost the organization upwards of $50,000 in Department of Health and Human Services fines.
In terms of data breaches, this fine — which mirrored the size of the breach itself — is relatively small, but with this ruling, the HHS was sending a clear message: Whatever the size of the breach or company, it’s no longer optional to encrypt your electronic patient data.
Advanced Technology Requires Advanced Safeguards
There’s no doubt that information technology advancements have been highly beneficial to healthcare. Doctors are now able to send information to colleagues and providers at a much faster rate than in the days of paper charts, resulting in more efficient patient care. Indeed, smartphones and tablets are improving nearly every aspect of the healthcare system.
However, this advancement also creates risk. For example, before electronic health records, physical access was required to retrieve vital records. Now, a hacker can potentially break into a system remotely and steal patient information.
It’s an intimidating thought, and when you couple it with HIPAA/HITECH fines that can reach well into the millions, it’s easy to miss the days of paper records and locked file cabinets.
The Ease and Importance of Encryption
No organization is immune to the threat of security breaches, but implementing data encryption is a major safeguard that will protect confidential patient information and your organization’s reputation. Here are two important reasons to encrypt your data:
- It’s easy. As more healthcare organizations take the necessary steps to secure data, more security companies are stepping in to streamline the process. Security is good business, which means people are competing to provide the best, most convenient solutions.
- It’s cheaper. There’s one very important thing to remember about companies that are fined under the HIPAA/HITECH regulations: If they had encrypted their stolen data, they would have been protected from possible fines. If your information is stolen but was properly encrypted, you can escape these costly fines. However, even without government involvement, failing to encrypt is an expensive prospect. It will not only damage your reputation in the eyes of potential business partners and patients, but it will also produce lawsuits as a result of stolen data, which can quickly accrue expenses.
The good news is that security advancements are keeping pace with the advancement of information technology, and implementing encryption for patient data is no longer all that different from adding an extra lock to a filing cabinet.
Here are three concrete steps you can take to secure your patient data:
- Full Disk Encryption
This is the digital equivalent of putting a deadbolt on your records room. It’s also what you need to receive safe harbor from HIPAA fines in the event of a lost or stolen device containing sensitive data. It’s vital to ensure your encryption has FIPS-140-2 validation because encryptions solutions without it aren’t covered under safe harbor.
- File Encryption
If full disk encryption is the deadbolt, file encryption is the secret code. This second line of defense will ensure that even if a hacker gains access to sensitive information, it’s very unlikely he’ll be able to read any of it.
It’s crucial that you have a system put in place to track where these files go and who has access to them. Without a predetermined way to keep track of them, digital copies can easily get lost in the system.
- Mobile Security
Tablets and smartphones can make accessing and modifying patient information incredibly easy, but when it comes to security, they’re highly susceptible to hackers.
It’s crucial that there’s a central control of all medical mobile devices, as well as a way to verify that encryption is enabled on all remote technology. If a phone gets lost or stolen, you can verify that your data is safe.
Safeguarding patient data is no longer optional. From government fines to customer rapport, encryption can save you from a lot of financial and branding pain. Luckily, encryption and data security are becoming easier for IT professionals and end users alike to manage, and as more healthcare organizations implement it, it will only improve. Take the easier path, and start encrypting today.