Adopting best practices key to data security, HHS officials say

Citing the Australian DJs who gained confidential information about the Duchess of Cambridge over the phone, a commentary in the New England Journal of Medicine calls on healthcare organizations to adopt best practices to ensure data privacy and security.

Beyond the undue attention focused on celebrities, hackers targeting healthcare, as in other industries, often seek information they can use for financial gain, a Verizon report pointed out last fall.

Healthcare providers, insurers and even patients themselves must be vigilant to thwart fraud and identity theft, according to the NEJM piece, written by three officials from the U.S. Department of Health & Human Services Office of Inspector General. They say government auditors sitting in hospital parking lots have been able to obtain patient information by using laptop computers to tap into unsecured hospital wireless networks.

Firewalls, strong security protocols, antivirus programming and password protections are essential, they say, as well as educating staff about the dangers of remaining logged on to multiple computers when they might not be in close proximity.

In addition to physical safeguards such as secure document storage, the authors advocate electronic safeguards, such as erasing hard drives of rented photocopiers, and human safeguards, such as timely deactivation of electronic and physical access when an employee leaves the job.

And providers, they say, must teach their staff to authenticate callers and release only information to which the caller is entitled.

The Centers for Medicare & Medicaid Services and OIG have collaborated to create instruction materials on best practices for promoting privacy and data security.

Network security ranked among healthcare CIOs' top priorities for 2013, according to a recent study published by Level 3 Communications. Twenty percent of those surveyed said they had experienced a security breach in the past year.

"Patient privacy and the security of health records are weighing on the minds of healthcare CIOs," Karl Strohmeyer, Level 3 group vice president, said.

But as FierceHealthIT's Gienna Shaw has pointed out, the freakier means of hacking healthcare information go far beyond the social engineering threats, such as those experienced by the Duchess of Cambridge.
