Patient privacy is a top priority for the medical community. Patient data should be virtually secured. It is critical that staff understand what security measures are required and how to implement and use them.
Last Tuesday the Redwood Memorial Hospital announced that it lost a thumb drive that may have contained information on more than 1,000 patients. This information included data that could be used to identify individual patients. The thumb drive was not encrypted. The hospital notified patients who are potentially affected and set up a hotline to answer questions related to the situation.
Multiple factors led to the security failure in this situation. The first and most obvious is that the thumb drive was not encrypted, although all patient data should be. The second mistake leading to the leak concerns transport: identifiable patient data should not travel offsite unless that is necessary to transfer information.
There are multiple ways to encrypt and otherwise protect patient data. Facilities should have network security measures, two-factor authentication for individual computers, and encrypted portable devices.
For an article with more details on this breach visit this site: http://www.times-standard.com/localnews/ci_24560866/redwood-memorial-thumb-drive-patient-data-missing-eureka
- Encrypt any device that contains identifiable information on patients.
- Make email passwords unique from any other password protected site or device.
- Use available products on the market to secure information stored on hard drives and flash drives.
- Disk and flash drive encryption is available with products such as YubiKey (http://www.yubico.com/applications/disk-encryption/). YubiKey can increase the security of the data on a hard drive by adding two-factor authentication, or by being used in conjunction with open-source software such as TrueCrypt.
- TrueCrypt is free, open-source software that improves security. More information on the software can be found here: http://www.truecrypt.org/
- Use two-factor authentication to reduce the chances of unauthorized people viewing or using private patient data. More information on two-factor authentication can be found here: http://rippleit.com/understanding-two-factor-authentication/
- Ensure that all mobile devices with patient information, portals to access patient information or email accounts are protected. For more information on protecting your mobile device visit this site: http://rippleit.com/secure-your-phone-or-mobile-device/
- Improve network security with these steps for small businesses: http://rippleit.com/top-ways-to-improve-network-security-for-small-businesses/