
The Road to HIMSS: Treating Healthcare Data Risks

Next week we'll be exhibiting at the HIMSS conference in New Orleans. (Check us out in booth #8217 near the Intelligent Hospital display.) We're looking forward to showcasing our DMsuite solution for healthcare data, and we're especially eager to discuss the issues facing healthcare organizations. Every day we hear about misused or lost data in the media, and it seems to get worse every day. In this iPost story we learn of an individual who stole patient data to commit tax fraud:

In March 2012, Loverson Gelmine, a hospital volunteer at Jackson Memorial North’s emergency department in Miami was arrested when it was discovered that he had used a smartphone camera to take 1,100 photographs of patient records. The data contained Social Security numbers and other health information. The only reason that Gelmine’s actions were exposed was because he was caught using the free WiFi in a McDonald’s parking lot to file fake tax returns. Gelmine was working with two other men in the tax scam. He sold the health information to one of the other males. The hospital has since banned smartphones for all volunteers.

According to the Redspin Breach Report 2012 released last week, healthcare breaches were among the most high-profile data breach incidents last year. The study found that 67 percent of all U.S. healthcare breaches were the result of theft or loss of data. While healthcare professionals seem more concerned about the risk of hackers, only six percent of incidents were caused by hackers and 38 percent of incidents originated with an unencrypted laptop or portable electronic devices.

The reality is, data needs to be shared in many instances, especially in the healthcare sector. And as we know, encryption isn't a fail-safe solution. To achieve interoperability while pursuing multiple (sometimes conflicting) priorities, robust data de-identification software is critical.
Data should be consistently de-identified across all ACO participants (according to OCR specifications) and NO real PHI should leave any ACO participant. This will ensure robust testing to support proper patient care, reporting to the government as well as individual participant management, and also support big data and cloud initiatives.

Recently I gave a webinar session called "Defending Data in Healthcare: Securing Private Information to Ensure Ironclad HIPAA Compliance," which you can view here. This was the agenda:

There is an aggressive audit program in place to assess compliance with HIPAA this year. The Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has already started a pilot program of 150 audits, and it plans to add even more. Is your company ready for a compliance audit? Join Senior Security Consultants, Joe Santangelo and Andy Hebert from data security solutions leader, Axis Technology, LLC, for a webinar that will cover critical steps for ensuring your business is protected, including:

• Non-compliance - potential consequences
• How to know exactly where your sensitive data is and identify where the real risks are
• Protecting data from external threats
• Securing data from improper internal access
• Protecting PHI when business associates are involved
• The impact of Bring Your Own Device ("BYOD")