We can’t allow cybercriminals to win in health data breach

In less than five months, the Tallahassee Democrat has reported at least two major breaches into the healthcare technology systems: one in February and the latest is this month - the investigation for which is ongoing. Phishing attacks on the hospital systems are rising and so are the defensive measures by the health care providers. Ironically, cybercriminals continue to outpace healthcare innovations in the area of data privacy.

The latest episode at HCA Healthcare has affected 47 hospitals and 11 million lives.

As unfortunate as these breaches are, the primary victims of these illegal intrusions are patients. We must not forget that data theft can cause health and mental trauma for the victims. It can sacrifice patients’ financial and health privacy, and even their lives in worst-case scenarios.

In patient-centered environments, violation of patient data cripples the ability of healthcare consumers to receive high-quality care. Most prominently, it ruins trust between patients and their providers.

The latest breach will not be the last one.

Health information technology has seen remarkable growth in the last decade or so, and awareness and skills of IT vendors continue to grow around patient data safety. However, given the almost regular occurrence of data violations, we must accelerate fortification of our health information infrastructures.

Fortunately, the U.S. has covered a lot of ground in this area through the HIPAA privacy law and many other data security measures. The Office of the National Coordinator for Health Information Technology continues to adopt measures to strengthen the country’s health data regimes. There are many organizations such as the Sequoia Project and the Integrating the Healthcare Enterprise that are tirelessly working to fortify systems in the healthcare industry.

Health data is everywhere from personal computers to electronic machines in care settings. While every incident has its own tweak, there are specific measures that health care providers can adopt to preserve and safeguard patient data more effectively.

We need to boost training and education around safe handling of confidential data. Employee training and regular data safety drills are critical. All involved in the care must be aware of the legal, administrative, and technical protection of the data that HIPAA provides. Intentional violations can cause significant legal issues.

We must implement recognized traditional data protective measures such as multi authentication factors, encryption, strong passwords, security audits, etc., more rigorously. There are dozens of certified health IT systems in the U.S., and providers must adopt and utilize these platforms for increased data protection.

We must implement lessons learned from these adverse data events across the healthcare ecosystem to prevent future breaches. This will allow gap assessments in the security infrastructures and take proactive measures.

The remarkable contributions of our health systems to provide the best patient outcomes are undermined by data compromise. Rigorous training and enhanced technology can prevent these unfortunate events.

ABM Uddin is a healthcare and IT consultant living in Tallahassee. Views expressed in this column are the author’s own.

JOIN THE CONVERSATION

Send letters to the editor (up to 200 words) or Your Turn columns (about 500 words) to letters@tallahassee.com. Please include your address for verification purposes only, and if you send a Your Turn, also include a photo and 1-2 line bio of yourself. You can also submit anonymous Zing!s at Tallahassee.com/Zing. Submissions are published on a space-available basis. All submissions may be edited for content, clarity and length, and may also be published by any part of the USA TODAY NETWORK.

This article originally appeared on Tallahassee Democrat: We can’t allow cybercriminals to win in health data breach