Medical data is up to 50 times more valuable than credit card data, so your medical records could be more valuable to a hacker than your credit card statement. Why? A compromised credit card can be cancelled, and the scope of the identity theft is limited to finances. Medical records do not change and can be used to commit multiple types of fraud.
The Health IT market is exploding in growth because patients are demanding mobile access to their medical records. Due to this demand, Patient Health Information (PHI) will be everywhere, making the risks astronomical. Medical professionals are beginning to recognize these risks. And unfortunately, so are hackers and criminals.
Why Smaller Practices Pose the Most Risks:
To thieves and others, small organizations are often the easiest target and source of data. Since meeting HIPAA HITECH security and privacy compliance is challenging due to fewer financial, IT, and personnel resources, the risks of security and privacy breaches are often greater for small, medium and safety net medical and behavioral health provider organizations.
Smaller practices and those supporting underserved communities often lack the resources to know what tools to put in place to avoid cyber attacks and data breaches. Or, they have the right tools but have not been implementing them properly. These types of organizations often believe they should focus solely on patient care, and adopt the “I’m too small for the government or hackers to care about” mindset. Unfortunately, their staff can still accidentally or intentionally create a data breach because they have not been properly trained.
What happens when patients don’t feel confident their data is secure?
If patients believe their provider’s office is not fully secure, they may withhold some of their personal information that is needed to make an accurate diagnosis. Patients may hold back the fact that they are HIV positive, or that they are taking a mental health medication. Corrective actions may be delayed, or even worse, a dangerous drug interaction could occur.
How do privacy breaches in small practices affect larger practices?
Amplified risks to small practices impact larger health organizations in multiple ways. If vulnerable health organizations gain a bad reputation for security and privacy breaches, their patients will migrate toward larger health centers and hospital Emergency Departments. Or, they will stop accessing care altogether, which leads to an increase in acute chronic health issues resulting in emergency room overuse and hospitalizations with high risk of readmission. Furthermore, data breaches that started with a smaller organization may proliferate to the larger organizations with which it is electronically interconnected. Therefore, hospitals and larger health systems that provide services may be at risk for breaches, audits, and increased utilization costs from their daily business interactions.
So what is needed? A simplified, easy-to-follow and affordable approach smaller providers can understand and use, training for staff to eliminate human error, and leadership capacity to create and prioritize a culture of security and privacy awareness within the organization. Larger organizations can help by providing how-to approaches, standards and guidelines and loaning technical resources to smaller and safety net providers. Remember, in an interconnected world, one organization’s risk and data breach can quickly become another’s.