From the June 2017 issue of HealthCare Business News magazine
By Sanjaya Kumar and Chandrashekar Bilugu
Today’s health care industry depends on information systems, from clinical applications such as EMR/CPOE systems to specialized radiology, pharmacy and laboratory systems to billing and scheduling systems.
The accessibility and interoperability of data from such systems are increasing productivity and efficiency, improving quality of care and ensuring safe patient care.
Health care organizations are a top target for hackers due to their inherent vulnerability, with cyberattacks becoming more focused and sophisticated. Health care records are a treasure trove of data for identity thieves. Health records are popular targets for their high potential for exploitation through identity theft, insurance fraud, stolen prescriptions, ransom attacks and dangerous hoaxes.
According to Reuters, medical information sells on the black market for more than 10 times the price of a credit card number. Continuous dependency on information systems also makes health care organizations prime targets for ransomware attacks. The “WannaCry” attack encrypted key patient data within hospital systems, crippling operations.
Several assessments and surveys have highlighted that health care organizations in the U.S. are at great risk today for cyberattacks and there are limited mitigating safeguards in place to ensure continuity of operations. It has also been highlighted that investments to safeguard systems and data by health care organizations come at an increasingly exorbitant cost in the era of shrinking margins. However, with significant HIPAA fines and penalties being enforced for PHI data breaches and noncompliance with established standards, health care organizations are left with few choices but to enforce compliance and strengthen key processes to plug vulnerabilities and mitigate cyberattacks.
There are nearly 250 HIPAA privacy and security controls that require continuous monitoring by covered entities and their business associates (who, in turn, are now also liable for inadvertent exposure of PHI).
• The top three major gaps in processes and failures at health care organizations are related to:
  * Not establishing and maintaining required documentation (49.4 percent).
  * Lack of evidence of adequate data and information management (26.5 percent).
  * Lack of notification, training and responsiveness (10.5 percent).
Data on breaches also highlight that data security failures originate from both inside and outside the organization, given the dependency on the varied business associates and vendors that health care organizations contract with.