Topics
Reimbursement
Proposed inpatient payment rates 'woefully inadequate' AHA says
Proposed inpatient payment rates 'woefully inadequate' AHA says
Revenue Cycle Management
Enhancing preventive care with accessibility and technology
Enhancing preventive care with accessibility and technology
Strategic Planning
Intermountain Health spinoff Culmination Bio announces partnership 
Intermountain spinoff Culmination Bio announces partnership 
Capital Finance
Tech investment must bring value to care delivery
Tech investment must bring value to care delivery
Supply Chain
HIMSSCast: Embrace technology to replace the mundane tasks
HIMSSCast: Embrace technology to replace the mundane tasks
Accounting & Financial Management
Elevance reports 12.2% increase in earnings for Q1
Elevance reports 12.2% earnings increase for Q1
Budgeting
Insurers likely to pay $1.1 billion in rebates this fall
Insurers likely to pay $1.1 billion in rebates this fall
Quality and Safety
J.D. Power: Digital health insurance channels lack engagement
Study: Digital health insurance channels lacking
Billing and Collections
No Surprises Act implementation coincided with in-network claims growth
NSA implementation coincided with in-network claims growth
Claims Processing
UnitedHealth's 'band-aid' payment for Change disruption falls short, hospitals say
UnitedHealth's 'band-aid' payment falls short, hospitals say
Workforce
Physician pay rises 3%, though discontent persists
Physician pay rises 3%, though discontent persists
Operations
HHS seeks input from payers on Change cyberattack response
HHS seeks input from payers on Change cyberattack response
Medical Devices
Healthcare chatbots may promote racist misinformation
Healthcare chatbots may promote racist misinformation
Hospital/physician relations
Physicians would rather leave than work for Envision, doctor says
Physicians would rather leave than work for Envision, doctor says
Construction & Facilities Management
Henry Ford, Michigan State research center to be built for $335 million
Henry Ford, MSU research center to be built for $335M
Compliance & Legal
Optum's deal to buy Steward should be scrutinized, senators say
Optum's deal to buy Steward should be scrutinized, senators say
Policy and Legislation
HIMSSCast: Revolutionizing the Medicare program 
HIMSSCast: Revolutionizing Medicare 
Community Benefit
Nonprofit hospitals' charity care falling behind tax breaks, report shows
Report: Hospitals' charity care falling behind tax breaks
Accountable Care
New ACO model provides alternative for physicians to stay independent
ACO model provides alternative for physicians to stay independent
Acute Care
Acute Hospital Care at Home data released 
Acute Hospital Care at Home data released 
Ambulatory Care
U.S. trails other countries in primary care access
U.S. trails other countries in primary care access
Analytics
Children's Hospital Colorado creates analytics resource center
Children's Hospital Colorado creates analytics resource center
Business Intelligence
Elevance teams with private investment firm on primary care
Elevance teams with private investment firm on primary care
ICD-10 & Coding
Physician practices examine risk adjustment coding in wake of federal lawsuits
Practices keeping close watch on risk adjustment coding
Meaningful Use
CMS overhauls meaningful use EHR program, renames it 'Promoting Interoperability'
CMS overhauls meaningful use as 'Promoting Interoperability'
Medicare & Medicaid
DOJ sues Regeneron Pharmaceuticals over allegedly inflating Medicare reimbursements
DOJ sues Regeneron claiming inflated Medicare reimbursements
Patient Engagement
Commonwealth Fund creates employer-based health insurance task force
Commonwealth Fund creates health insurance task force
Pharmacy
CVS Health offering tuition assistance for pharmacists
CVS Health offering tuition assistance for pharmacists
Population Health
CDC warns clinicians to look out for bird flu cases
CDC warns clinicians to look out for bird flu cases
Risk Management
UPMC for You partners to offer Medicaid redetermination coverage in laundromats
UPMC for You offers Medicaid redetermination coverage in laundromats
Telehealth
Telehealth equity key to addressing digital gaps
Telehealth equity key to addressing digital gaps
Mergers & Acquisitions
Four mega mergers helped increase M&A in Q1
Four mega mergers helped increase M&A in Q1
View more
Aug 31, 2015 More on Risk Management

Be proactive, not reactive, in protecting healthcare data

This form of identity theft is extremely costly to the victim as well as the company that gets hacked.

David Rice, Bisk Education

Identity theft is a major concern for all companies that collect customer data, but potential consequences of data breaches in the healthcare industry can be especially dire, going beyond stealing identities and financial information that occurs in other types of data base invasions.

Aside from the typical repercussions of exposing addresses, Social Security numbers and personal data, medical identity theft can create a dangerous health risk if a thief hijacks a victim's insurance to receive treatment, mixing and confusing medical records.

This form of identity theft is extremely costly to the victim as well the company that gets hacked. Unlike credit card identity theft, where a victim's liability is limited to $50, medical identity theft costs victims $13,500 on average, according to a July 2015 USA Today article.

Healthcare data breaches represented 42.5 percent of all breaches over the last three years, the article said, with 91 percent of healthcare organizations reporting at least one data breach in the last two years.

The number of people at risk was highlighted by two high-profile breaches at healthcare companies that are examples of problems and shortcomings of data protection.

The first was a cyber-intrusion of Anthem, Inc., the nation's second-largest insurer, in which thieves stole records of 78.8 million people, including millions who are not Anthem customers.

Another cyberattack hit UCLA Health System that gave thieves access to records of 4.5 million people.

However, Anthem and UCLA Health have said those records may not have included patient information.

Medical identity theft has become a costly and potentially dangerous side effect of digitizing health data, but healthcare companies may not be equipped or prepared to protect the information.

Best practices for protecting data are not always easy for healthcare companies to follow, as they are usually not IT experts. According to Mayo Clinic Chief Information Security Officer Jim Nelms, healthcare information is more vulnerable than financial information because the industry is often 10-15 years behind in its IT practices.

Encryption of client data, mobile device security policies, written indemnification agreements and a plan that clearly outlines network privacy and the organization's plan for responding to incidents are all important boxes a healthcare company should check off, but the appropriate knowledge needs to be present for that to happen.

The data taken in the UCLA hack, for example, was not encrypted, the USA Today article said.

Medical devices make up roughly 40 percent of the technology being used in hospitals, and with doctors sharing information, security breaches are common, costly and complicated. From crisis management to the likelihood of legal actions, the cost of a single data breach can reach $3.8 million for the healthcare company, according to a study by the Ponemon Institute.

Protecting Health Data

A proactive approach to health data security is the key to reducing costs as well as the time it takes to identify a breach and contain it. Continuous monitoring is now a necessity to maintain the appropriate level of risk management as it provides meaningful, actionable intelligence and reporting rather than just data collection.

One of the biggest risks, however, comes in the form of security awareness for the workforce of a healthcare organization. Frequent, engaging security awareness training coupled with situational training can help limit risk and keep employees up to date and aware of the latest red flags and schemes.

Integration of Business Continuity Management (BCM) personnel who are trained to identify risks, threats and vulnerabilities to the system and develop effective responses that help the organization be more resilient against attacks can benefit companies immensely. Their presence can lower the cost of a data breach as well as speed up the response and containment process.

Additionally, healthcare organizations need to communicate with one another, sharing threat intelligence data and advanced analytics to make systems across the industry more difficult for hackers to penetrate.

The cost of detection has been high for healthcare organizations in recent years due to their lack of preparedness. By educating employees, conducting more frequent vulnerability assessments and increasing data encryption, companies can lower the cost of a compromised record, which in 2014 cost healthcare companies an average of $363 per stolen record.

The Cost of a Data Breach

Data breaches can come with a price beyond the previously stated $3.8 million of the remediation process. Cybersecurity is now a common concern among consumers, meaning a breach can lead to a damaged reputation and a significant loss of business. In 2014, the cost of a breach in terms of loss of business was $1.57 million on average. Therefore, data protection is as much a business challenge as an IT hurdle.

Building a strong security posture has become the priority of executives, many of whom are becoming more personally involved in data security strategy and response systems. Cyber insurance has also become a necessity as remediation costs linked to criminal breaches reached $170 per record globally for all data thefts, with the number of stolen records in the hundreds of thousands in some cases.

Information that can be extracted from health records is extensive and valuable to hackers who obtain it. The market for health information is growing as black market prices for medical records can run 10 times those of personally identifiable information from hacks in other industries.

That demand for healthcare data will continue to make things more complicated. And according to the Mayo Clinic's CISO Nelms, new technologies that are being used for healthcare treatment are not ready to improve security.

"For the next period of time -- I don't know how long -- we are going to have to craft and use things that are going to be marginally successful. Information security in the last few years has changed from stopping things from happening to creating regular, positive change in the reduction of risk," Nelms told the Wall Street Journal.

David Rice writes for Jacksonville University on behalf of Bisk Education, covering health informatics and nursing

News
Ending racism in healthcare often begins with medical education - and is the target of a new national project Ending racism in healthcare often begins with medical education - and is the target of a new national project Inequities can be found in every facet of the industry, but targeting medical students and residents can help stem the tide.