The (Anderson) Herald Bulletin
An individual’s health record is private.
Or so they think.
Federal standards govern the security of electronic and identifiable health information. Federal standards also require notification of patients when a breach of information occurs.
But there are still cybersecurity breaches.
The Indiana Hospital Association reported this year that 27 hospitals and health care systems in Indiana had been attacked by hackers.
Medical facilities aren’t the only entities impacted. It also affects companies that have contracts to access patient data.
In 2019, Medical Informatics Engineering Inc. paid $100,000 to the Office for Civil Rights at the U.S. Department of Health and Human Services for potential violations of the Health Insurance Portability and Accountability Act, or HIPAA.
MIE, based in Indiana, supplies software and electronic medical record services to health care providers.
Four years earlier, MIE discovered that hackers used a compromised user IS and password to access records of about 3.5 million people. MIE filed a breach report with the Office of Civil Rights, which investigated and found that MIE had not conducted a wide-ranging risk analysis before the breach.
Such a cyberattack on electronic health records is important to note during October, which is Cybersecurity Awareness Month.
The FBI is spotlighting the month amid an ever-increasing number of cyberattacks and internet crimes. Guidance typically provided for health care providers includes firewalls, encryption tools and software that detects intrusions. But patients need help and guidance, too.
It would be wise for patients to ask their health care providers where their information is sent and whether a third party, such as an online registration portal or a marketing firm, has access to it. If you wear an electronic medical device, who really has access to that data?
The U.S. Department of Health and Human Services has suggested patients ask a health care provider whether there’s an audit trail feature, one that records who accesses information. Learn whether your records are encrypted and have to be decrypted by your provider.
Quite simply, ask whether any unauthorized person could access your electronic health record.
And since it’s cybersecurity month, on a personal level, the FBI has recommendations for individuals.
• Do not open any email attachment or click a link unless you are expecting the file, document or invoice and have verified the sender’s email address.
• Be suspicious of requests for secrecy or pressure to take action quickly.
• Keep systems and software up to date and install a strong, reputable anti-virus program.
• Create a strong and unique passphrase for each online account and change pass-phrases regularly.
• Use multi-factor authentication.
• Examine the email address in all correspondence and scrutinize website URLs before responding to a message or visiting a site.
• Be cautious about the information you share in online profiles and social media accounts.
• Don’t send payments to unknown people or organizations that are seeking monetary support and urge immediate actions.
• Beware of sudden changes in business practices with vendors or customers.
Send comments to [email protected].
