Technology has provided many advantages to the healthcare sector, such as allowing better collaboration between providers, making patient records more accessible during care, and more. But one of the downsides is that some healthcare systems have been shown to be vulnerable to attack - specifically, cyber-hacking. Some of the better-known incidents in recent history were the data breaches at Anthem, Premera, and UCLA Health. Let’s take a look at why these breaches are particularly nasty, and what private medical practices can do to avoid them.
Healthcare data breaches are different from other breaches
Unlike typical financial data breaches, hacking into a person’s medical information can carry longer-term consequences. Although hacked financial information can definitely cause some negative effects, these are typically mitigated by a few factors: how quickly credit and debit cards are reissued, and the prompt response most banks have developed to fraudulent actions. In many cases, the average banking customer has been empowered to help guard their financial data, through automated fraud alerts and other consumer-friendly tools.
Conversely, data breaches are a somewhat newer phenomenon in the world of healthcare, so many organizations (from private medical practices all the way to large hospitals and insurance carriers) may not have an adequate process in place to respond when one does happen - and the trend indicates that these breaches will continue to increase in frequency. One of the primary reasons healthcare breaches can be very serious is that a person’s medical history or information can be seized and even changed. Consider the implications if someone has falsified your medical record, and medical staff during an emergency are under the impression that your blood type is A, when really it’s type O. Less dangerous but still negative possibilities include the exposure of incredibly private information, such as treatment of diseases, diagnoses that can affect a person’s employment, and more. Lastly, healthcare hacks can also enable fraudulent action, such as opening false lines of credit, or ordering pricey medical equipment for resale elsewhere. Unfortunately, healthcare data is valuable on the black market, and future breaches are a matter of when, not if.
What can a private medical practice do to protect against breaches?
There are a few ways for private medical practices to hedge against healthcare hacks. First, consider comprehensive insurance coverage against cyber-hacks. While a general liability policy likely has some coverage against data breaches, it is well worth the time to understand what it really covers, because it’s very likely that all hell will break loose in your practice if a massive breach occurs. Ideally, look for a policy that will help your medical practice treat breaches like a bank or other organization would: notify affected individuals and the public, help establish credit monitoring for those affected, and hire IT personnel to shore up electronic vulnerabilities. If a policy like this sounds too involved, consider partnering with other physicians and getting representation as a group.
Aside from liability coverage that includes cyber-hacking, it’s important for private medical practices to make sure they are not vulnerable to HIPAA breaches as well. Other ways to beef up security include practice management software that incorporates the latest security features. To learn more about these options, please contact us today to see how Keystone Health Partners can help your private medical practice.