Tags
ehr, elctronic health record, electronic health record, Hacker, health it, healthcare, HIPAA, Hospital, Security
The recent failure of security in the article pertaining to Anthem brings to the fore front the issue of Health Care security, once again.
It is time for Health Care to take the security of our information much more seriously. The critical personal information they keep on our behalf has become sweet honey for hackers. We, as patients, need to trust these vital institutions to keep our information from prying eyes, both internally and externally and, no breach should be tolerated. The Anthem breach is just another, in one of many, that should send the clarion call to all Health Care Providers to tighten the screws on security policies and procedures, along with a zero tolerance approach. There is an inherent responsibility laid on them to protect our information if they choose to use it for purposes pertaining to evidenced based medicine in order to increase patient care. If anyone in the Health Care industry believes that no one wants to hack healthcare, it is clear they are on a boat drifting on the river denial.
There is a ton of information a devoted hacker, or team of hackers, can use for nefarious purposes. The demographic information such as social security numbers, personal addresses, and such can be used for identity theft. Also, prescriber information pertaining to narcotic scripts has the potential for a whole other realm of possibilities. It is not just the patients’ information at risk here but, the physicians as well. It is only a matter of time before some savvy pod of hackers’ figures out a way to circumvent current procedures and call in narcotic prescriptions. Perhaps, this is what it will take for the industry to take the security of the patients’ information more seriously.
Of course, there is always the association between security and the assumption of risk. The higher the security, the less risk one assumes but, the conundrum prevails as to finding the balance. We do not want to make it so difficult that work cannot be done but, we need to consider the potential risks involved when this information is forcibly removed or breached internally. No system can be 100 percent secure, as Kevin Johnson, white hat hacker and chief executive officer of the security consulting firm Secure Ideas (McCann, 2015, para. 10), says in the article. He also states “We don’t want it secured 100 percent because we want to see who did this” (McCann, 2015, para. 10). However, we never seem to hear of anyone actually caught from these serious breaches. One has to wonder, why is that?
The level of sophisticated technology to track these breaches is just as high as those who use the technology to break in. However, many “White Hat” security firms are bound by laws that criminal hackers are not. This makes it much more difficult for them to find those who operate outside the law. Therefore, it must fall to the Health Care Industry to strengthen their physical, and cyber security models. When a Health Care firm gets breached, it is not the firm that suffers, not really. They may get a fine or a slap on the wrist for the lack of protocols or the like but ultimately, it is the patients who reap the devastation. Because it is our information now in the hands of those who tend to do ill with it.
Reference
McCann, E. (2015, 2 6). Anthem hack: ‘Healthcare is a target’. Retrieved from Healthcare IT News: http://www.healthcareitnews.com/news/anthem-hack-healthcare-target?mkt_tok=3RkMMJWWfF9wsRols6rIZKXonjHpfsX56O0rX6W3lMI%2F0ER3fOvrPUfGjI4CRMpjI%2BSLDwEYGJlv6SgFQ7LHMbpszbgPUhM%3D