COVID-19 Update: Read our messages to employees and clients

June 16, 2015
Loss of Data: Ensure It Doesn't Happen to You

When hackers breached the computer system of the Anthem Inc. — the largest health insurer by market share in 82 of 388 metropolitan areas examined by the American Medical Association — they gained access to the personal information of tens of millions of customers and employees. Databases containing names, dates of birth, Social Security numbers, member ID numbers, addresses, phone numbers, employment information and even, potentially, income figures for up to 80 million people, were accessed by hackers, according to the Los Angeles Times.

After a long investigation, the Department of Health and Human Services (HHS) found that Anthem (then WellPoint, when the data-security breach occurred in 2010) did not adequately implement policies, procedures and software-security checks to protect unsecured electronic protected health information. The result was a major violation of the Health Information Portability and Accountability Act (HIPAA), and Anthem was slapped with a $1.7 million fine by HHS.

The largest fine settlement agreement to date for HIPAA violations went to New York-Presbyterian Hospital/Columbia University Medical Center — $4.8 million for a breach that led to exposure of patients’ medical records and test results. If it can happen to the big boys, it can happen to you. A recent analysis shows that 90% of health care organizations have exposed their patients’ data or had it stolen. In the wake of events like these, it’s a good time to pause for a refresher on some of the steps you need to take — beyond the standard firewalls and anti-virus software that should be installed — to secure the privacy of your patients’ medical, financial and personal data.

Paper records

Keep all paper medical records under lock and key and make sure only authorized personnel have access to them. Digitize and destroy records on an ongoing basis, to minimize the risk that records will become “lost in the shuffle,” resulting in exposure of patient information.

Electronic records

Don’t assume your electronic health records (EHR) vendor and health information technology (health IT) staff are simply upgrading security on a regular basis. When software is being installed or upgraded, ensure the following security features are in place: encryption, auditing functions, backup and recovery routines, unique user IDs and strong passwords, role- or user-controlled/restricted access controls, automatic timeout and provisions for emergency access. Train staff in appropriate use, including practical tips such as not writing down passwords, changing passwords regularly, logging out when done using the system, and making sure computer screens cannot be seen by unauthorized persons.

Portable devices

Work with your EHR vendor and health IT staff to ensure remote access to your systems can be secured — for example, if a physician wants to add notes to the patient record after hours from home, or if nurses need to email patients securely about upcoming appointments. Install and enable encryption on any portable device that will be used for purposes of accessing your protected health data. As such, it’s probably a good idea to restrict access to only those devices (mobile phones, laptops, tablet computers) issued by the organization for these purposes. These devices should also have remote wiping/disabling installed and activated, and should not be allowed access to file-sharing applications. It’s too easy to lose or leak data with the wrong touch or click.

Policy and procedure

Know how the backup and recovery system works, including where the documentation will be stored, how to retrieve it and how to test it. Back up data daily and test the recovery system regularly, perhaps at the same time as another important requirement, such as fire-safety checks. Have a policy in place to ensure staff are able to authenticate the identity of health IT staff who might work or make contact remotely.

Hackers are not going to stop trying to access healthcare data anytime soon. Criminal attacks on U.S. healthcare data are up 125% compared with 5 years ago, and hacks have replaced lost laptops as the leading threat to the security of healthcare information. In fact, 65% of healthcare organizations have experienced electronic information-based security incidents over the past 2 years, and yet they admit they’re not taking the steps to enhance and ensure protection of data, according to the Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, sponsored by ID Experts. It is critical to remain vigilant in the quest to safeguard your patients’ information — and, by extension, their privacy.

Care Navigators
As healthcare business models evolve, so should care teams.

Patients who are paired with Care Navigators report feeling less anxiety, and an increased ability to self-manage their conditions between visits. And providers report increased job satisfaction from improved efficiency, and knowing their patients have access to care teams, and strategic support.

Chronic Care Management
With an increased aging population managing two or more chronic illnesses, extending your care teams’ ability to communicate with patients is critical. We take a strategic approach to helping patients chart a path towards their health goals, while self-managing their chronic conditions between clinical visits.

Artificial Intelligence
Our advanced AI solutions tackle complex documentation challenges to reduce the administrative burden preventing doctors from delivering precision care. We'll guide you through the best practices for incorporating AI into your workflow. Gain visibility into your data with enhanced analytics driven by AI and CTAs.

Nurse Care Team Assistants
While nurses comprise the largest healthcare workforce, many suffer in silence from burnout and decreased job satisfaction. Our Nurse CTAs combat burnout with strategic support. From documenting patient encounters to monitoring vital signs, CTAs ensure nurses work top-of-license. CTAs close critical gaps in the care continuum and provide nurses with the added bandwidth to focus on critical care.

Scribe Services
There’s a reason why we’re the nation’s most frequently used scribe company: we offer professionally trained in-person and virtual medical scribes to meet the specific needs of our clients. We offer a variety of scribe programs, as well as technology and personnel solutions that address revenue cycle management, the transition to value-based care, and more through our HealthChannels family of companies.