Career Insights

Hacking Health Care: Your Guide to Privacy

Concorde Staff

Concorde Staff

Share:
Updated September 3, 2015. The information contained in this blog is current and accurate as of this date.
Internet Hacking

Every week seems to bring a new and bigger data breach attributed to hackers. The targets are many and varied: Department stores, major websites and even U.S. government agencies have seen sensitive, private information exposed in recent months.

For its massive potential for profitability, the health care sector ranks near the top of many hackers' lists. In 2003, the use of most health information became subject to strict regulation with the passage of the Health Insurance Portability and Accountability Act Privacy Rule. And in 2009, Congress passed additional legislation that pumped billions of dollars into promoting health information technology, including the adoption of electronic health records.

As the use of information technology has spread, the health care landscape has become more complex - and more subject to unauthorized disclosure, as a report in Marketing Health Services notes.

 

A SYSTEM EASILY BREACHED

 

A number of factors make health care providers ideal targets. The recent transition to digital records - along with a growing number of Internet-connected medical devices and security standards that lag behind other industries - has created a new cyber playground for criminals.

Upping the ante is a black market that provides much higher paydays for medical records than for other types of personal data. A 2014 study found that data breaches could cost the health care industry some $5.6 billion a year.

 

POTENTIAL DAMAGE TO CONSUMERS

 

The biggest danger of data breaches for the average consumer is health care identity theft. When data related to an individual's health care is compromised, it can take months or years for the breach to come to light.

According to Government Health IT, health care fraud cost U.S. consumers as much as $234 billion annually as of 2012. The figure is unsurprising, considering that a pilfered medical identity has a $50 value on the black market, whereas a Social Security number is worth just $1.

 

HOW DO MEDICAL DATA BREACHES HAPPEN?

 

Health care organizations constantly work to update IT systems and to improve security. But many breaches happen for an old-fashioned reason: human error. Three-quarters of health care organizations cite employee carelessness as the biggest threat to data security.

With the stakes so high, simple mistakes can have dire consequences. In 2014, the theft of two laptops from AHMC Healthcare Inc.'s administrative offices resulted in the breach of confidential medical data - including Social Security numbers - belonging to 729,000 patients.

 

WHAT STEPS ARE HEALTH CARE PROVIDERS TAKING?

 

The U.S. Office of the National Coordinator for Health Information Technology notes that health care providers are required to protect health information with passwords and other technical security enhancements like encryption. And HIPAA requires that health care providers secure certain protected health information by:

  • Limiting who can access the information
  • Limiting disclosure of the information
  • Ensuring that vendors follow the rules
  • Implementing technical, physical and administrative protections

 

In practice, security safeguards include passwords and PINs that limit access to authorized people, such as doctors and nurses. Information also may be encrypted, requiring a software "key" at both ends of a transmission. Individual workstations are locked down from prying eyes, and audit trails track who accessed or changed information.

 

SYSTEMS ARE ONLY AS SECURE AS THEIR USERS

 

Health care IT teams will continue to race against hackers and other criminals to keep data safe through digital means. But in the end, the security of everyone's health care information rests with individuals.

You can be a part of the solution at Concorde Career College. Our Health Information Management program educates health care professionals on new and better ways to protect patients' valuable information.

Take The Next Step Towards a Brighter Future

We have a Concorde representative ready to talk about what matters most to you. Get answers about start dates, curriculum, financial aid, scholarships and more!

  1. Program length may be subject to change dependent on transfer credits and course load. Please refer to current course catalog for more information. Concorde does not guarantee admittance, graduation, subsequent employment or salary amount.

  2. Professional certification is not a requirement for graduation, may not be a requirement for employment nor does it guarantee employment.

  3. Financial aid is available to those who qualify but may not be available for all programs. Concorde does not guarantee financial aid or scholarship awards or amounts.

  4. Clinical hour requirements and delivery may vary by campus location and may be subject to change. Concorde does not guarantee clinical site assignments based upon student preference or geographic convenience; nor do clinical experiences guarantee graduation, post-clinical employment or salary outcomes.

  5. Registration and certification requirements for taking and passing these examinations are not controlled by Concorde, but by outside agencies, and are subject to change by the agency without notice. Therefore, Concorde cannot guarantee that graduates will be eligible to take these exams, at all or at any specific time, regardless of their eligibility status upon enrollment.

  6. Externships are a non-paid in-person learning experience, whose length and location may be subject to change. Concorde does not guarantee externship placement, graduation, post-externship employment or salary outcomes.