Government auditors stressed the need for hospital network security in the New England Journal of Medicine last month. The auditors claimed that hacking into patient electronic health records (EHRs) can be as easy as tapping into the system using a laptop in the hospital parking lot. To prove it, they did exactly that.
Security breaches like the one demonstrated by the auditors have resulted in 300,000 Medicare beneficiary numbers being compromise. This has ramifications for all of us, not just the individual whom the number belongs to. According to MedPage Today and the New England Journal of Medicine, breaches in patient information can enable insurance fraudsters to defraud private insurers as well as Medicare and Medicaid. Taxpayer money is then drained away from services, resulting in waste and higher costs for beneficiaries. Additionally, patients can suffer harm if hackers change information in the patient’s EHR. Mislabeling a medical condition can lead to improper treatment, and changing the frequency that a prescription can be filled can leave patients without critical medicine.
Auditors and their colleagues from the Office of the Inspector General (OIG) at the Department of Health and Human Services (HHS) recommend that best practices for security be employed both in and out of hospitals. They recommend measures like password protection, firewalls, antivirus software, private consultation rooms, controlled prescription pads, paper shredding, biometrics, and secured copy machines.
The same security practices should be employed when healthcare workers access records from home laptops or home computers. These networks are often less secure, and scammers can obtain information to use when calling hospitals or practices pretending to be referring physicians, pharmacies, friends, or family.
The Office of the National Coordinator for Health Information Technology (ONC) recommends best practices for mobile devices here.