Healthcare Information Systems: The Inherent Security Risks
There’s no doubting the fact that the use of computers and information systems in the healthcare industry is a good thing – we’re able to store vast amounts of information practically forever, we’re able to sort this data according to categories and retrieve it whenever necessary, we’re able to use it to help treat patients more effectively and accurately, we’re able to create standards and uniform codes that make such systems universally acceptable, and so on. But there’s one aspect of computer systems that poses a threat to the concept of patient privacy and confidentiality of records – the security or lack of it.
Most hospitals and healthcare settings are focused on treating their patients and saving their lives, and in the process, forget about the need to adhere by the Health Insurance Portability and Accountability Act (HIPAA) of 2003 which mandates the encryption of electronically protected health information (EPHI) that’s stored on open networks like notebook computers and portable memory devices.
Recent surveys have proved that data is lost not only through willful theft by hackers, but also by careless employees who misplace laptops and are irresponsible with the security of codes and passwords that provide access to important patient information. Besides this, healthcare facilities are not equipped with both the know-how and the wherewithal to deal with security breaches, if and when they do occur.
There’s no sense of urgency to deal with these issues, as they do not feature in any hospital’s list of critically important things to do. Most organizations are not even able to manage their computer assets – software, applications and people who operate and are responsible for the maintenance and management – efficiently, leave alone protect them and the databases they hold and manage.
Most hospitals have computers all over the place, and these systems are hooked to the main database and have access to every other part of the system. This means that no data is secure, and potential intruders could steal information from unmanned stations. To prevent this from happening, access must be provided only on a need-to-know basis, with authentication codes protecting data that is sensitive and private.
Asset recovery and tracking measures should also be in place and most important of all, procedures should be established both to protect data and to take damage-control measures if security is breached.
The biggest security threat from lost data is that of identity theft where crooks either assume your identity or sell it to other criminals who are looking to shed their old persona and take on a new identity. A hospital setting is ideal for stealing information because it’s one place where people do not pay much attention to data security. This is a situation that must change, and healthcare facilities must identify their risks and take appropriate action.
