4 Things every urgent care should know about health IT security

There's no denying that the digital revolution has spawned an age of convenience, but with that convenience comes a growing concern for the security of consumer information.

This rings especially true for healthcare organizations that are responsible for mountains of patient information.

A stolen credit card can be cancelled, but a medical record contains significantly more rich data and information about a person. These records contain family information, financial information, and of course, a medical history. "A person's health information is worth 15 to 20 times more than financial information," said Robert Wah, MD, President-elect of the American Medical Association and Chief Medical Officer for CSC, a health IT Company in Falls Church, VA.

Lisa Gallagher, Head of Privacy and Security at HIMSS agrees. "It's easier for identity theft to take place from a medical record that's not secure than it is from a financial record because they tend to be locked down a little better. Hackers and other perpetrators have moved to trying to get it from the medical record."

All healthcare organizations, including urgent care centers, must educate themselves about health IT security so they can better protect their patients.

With this in mind, here are 4 things you should know about health IT security.

1. A Rise in Theft - the Result of a Perfect Storm
Gallagher points out that patient ID theft is on the rise thanks to a combination of factors. "We have the use of mobile to access data or transmit data which is an insecure way to do things." In addition, because of constant regulatory changes and need for compliance updates, most providers' attention and resources are pulled in a variety of directions, allowing the IT security ball to be dropped. Gallagher is concerned that most health organizations spend, on average, only 3 - 5% of their budget on IT security, a relatively low figure as compared to other industries.

2. Employee Breaches are a Significant Problem
One of the biggest concerns for healthcare organizations is employees accessing patient information they shouldn't be. When this happens, it's considered a breach by federal regulators.

"Implementation is such that you can't segment a nurse on the floor from only looking at her patients' data," Gallagher said. "They have access and are able to look at someone else's record." Urgent care centers must work with their health IT vendors to prevent these breaches from happening.

3. Avoid HHS' Wall of Shame
Federal law requires providers who have violated patient privacy to notify those individuals that a breach has occurred. HHS then posts the names of these providers whose security breaches exceed 500 patients. As you may have guessed, their list is dubbed the "Wall of Shame." The list, which includes the names of nearly 900 providers, is now in searchable format.

4. Asking for Insurance ID Should be Mandatory
As Washington continues to debate healthcare reform and millions of Americans wait to see if Obamacare is truly staying or going, costs continue to rise. With many unable to pay for coverage, some people are likely to use someone else's coverage information to pay for healthcare services.

For instance, someone's wallet may be stolen with their health insurance card inside. The perpetrator may now use it in an emergency room to get care they would otherwise not be able to afford. The victim of the crime will then be billed for an ER visit that wasn't theirs. Getting the bill sorted out becomes a nightmare, and there is now data on the individual's health record that belongs to someone else, compromising its integrity. Correcting this data is not simple, Gallagher says, "There's no process to fix it. Their policy is you don't extract data from a medical record because it's a legal record."

To avoid these hassles, urgent care centers should always require ID from patients when checking in.

What Can You Do to Protect Patient Data?
It's important to work closely with your EHR vendor to ensure that superior security and privacy are provided once your system is implemented. Speak with your EHR vendor about the following:

Enhanced Administrative Controls
Enhanced administrative controls enable urgent care centers to stay updated on all privacy policies and procedures. Controls will also help guide employees through stringent security training processes as well as run background checks on all employees before hiring.

Monitor System Access
Not all employees should have the same access to information. Your vendor can help you create physically inaccessible systems to unauthorized individuals and have verification requirements for all system users. Passwords and PINs can also be created for your staff.

Your vendor can also ensure you have automations in place for data recovery or restoration and configure automatic software shutdown routines in case of a potential breach.

Audit System Users
With the help of your EHR vendor, you can identify any weak spots in your system and detect attempted breaches. Your vendor can show you how to audit all authorized users and avoid future breaches.

Control Employee Devices
Meet with senior management to create a comprehensive security plan for data disposal. How will you remove data from reusable hardware? How will you track reprocessed hardware? How will you back up data? Your EHR vendor can help you with these procedures as well.

Apply Data Encryption
Make sure your vendor can disguise the data inside your medical files through cryptography. This is perhaps the most important security protocol as it renders data unreadable to outside sources.

It's also important to keep in mind that healthcare organizations must protect themselves from other data mishaps. Yes hackers and breaches should take precedent, but what happens when your urgent care emr software fails? What do you do when your location experiences a natural disaster and medical files are lost or damaged as a result? To prevent such scenarios, it's important that you speak with your EHR vendor about remote storage and data backup options.

CureMD doesn't just provide our customers with health IT solutions, we offer peace of mind. We act as your security partner, ensuring your patient information is always 100% safe and protected.

Author Bio:
Alex Tate is a health IT fanatic who is passionate about technology and its revolutionary impact on the healthcare industry. He adds value to the healthcare community by providing answers to problems faced by the providers. He is always hunting hot topics and opportunities that will open new dimensions in the field of Health IT. You can contact at alex.tate@curemd.com

The views, opinions and positions expressed within these guest posts are those of the author alone and do not represent those of Becker's Hospital Review/Becker's Healthcare. The accuracy, completeness and validity of any statements made within this article are not guaranteed. We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Webinars

Featured Whitepapers