Time for your Practice to Revisit your Security Standards

Does your practice have safeguards in place to protect your HIPAA sensitive information? Has your practice participated in security training or conducted a Risk Assessment. Do you have a mitigation plan in place if your practice does experience a breach in your data? These are all important and relevant questions to be asking yourself as a provider moving into the New Year. According to a recent report released by Experian, the potential cost of breaches for the healthcare industry could be as much as $5.6 billion annually in 2015.

Experian’s almanac predicts a stormy forecast is ahead for the healthcare industry as the threats are growing. The report points to many vulnerabilities, the expanding number of access points to protected health information, or PHI, and other sensitive data via electronic medical records and the growing popularity of wearable technology makes the healthcare industry a vulnerable and attractive target for cybercriminals.

“We expect healthcare breaches will increase – both due to potential economic gain and digitization of records. Increased movement to electronic medical records and the introduction of wearable technologies introduced millions of individuals into the healthcare system, and, in return increased, the potential for data breaches,” the report notes.

”Healthcare organizations face the challenge of securing a significant amount of sensitive information stored on their network, which combined with the value of a medical identity string makes them an attractive target for cybercriminals,” the authors add. “The problem is further exasperated by the fact that many doctors’ offices, clinics and hospitals may not have enough resources to safeguard their patients’ PHI. In fact, an individual’s Medicare card – often carried in wallets for doctors’ visits – contains valuable information like a person’s Social Security number that can be used for fraud if in the wrong hands. Currently, we are not aware of any federal or law enforcement agency which tracks data on SSN theft from Medicare cards, but the problem is widely acknowledged.”

The takeaway? Security breaches are a real and increasing threat to the Healthcare industry and taking the proper precautions and implementing security standards, processes and protocols is no longer an option but a necessity. Consult with a security expert today for a Security Assessment and Mitigation Plan at EHR & Practice Management Consultants, Inc. (www.ehrpmc.com) 1-800-376-0212 or contact@ehrpmc.com

Cyber Threats are at Highest Risk in the Healthcare Industry

In April 2014 the FBI Cyber Division issued a warning that medical devices and healthcare systems are at risk for increased cyber attacks due to financial benefits of hackers.

Due to the deadline for providers to go on an EHR by 2015 there will be many providers going on an EHR to reach this deadline which will include a greater number of medical devices connected to the Internet which will be at an increased risk of cyberattack for medical information of patients.

Compared to other industries the FBI stated the healthcare industry is not as well prepared to handle these cyber attacks.

As cited by Symantec, last year 37% of breacjhes were forund to be in the healthcare industry which is the largest for any industry.

As I have discussed in my earlier blogs, this not only puts the patient’s identity at risk for fraudulent activity but it also creates potential health risks in case a person fraudulently uses their identity and receives medical treatment. This can have misinformation as part of the true patients health history, treatments, and medications they are on. Not only could this cause an increase in the patients premium but misinformation could be given to other patients regarding the patients health and be mistreated by other providers. This is why it always important for a patient to periodically go online with their insurance company to make sure the claims being sent to the insurance firm are for claims that they actually had on their behalf. Additionally, when their providers are starting to receive information on the health information exchange (HIE) of care they received elsewhere to verify with the provider this is correct.

Identity theft not only can cost a person thousands of dollars to have resolved but can also put their health outcomes at risk.

If you are a provider/ practice/ clinic and would like a full risk assessment and mitigation plan completed for your practice to avoid any security breaches of your patients protected health information please contact us at EHR & Practice Management Consultants, Inc.  1 (800) 376-0212 or contact@ehrpmc.com