Government auditors stressed the need for hospital network
security in the New England Journal of
Medicine last month. The auditors claimed that hacking into patient
electronic health records (EHRs) can be as easy as tapping into the system
using a laptop in the hospital parking lot. To prove it, they did exactly that.
Security breaches like the one demonstrated by the auditors have
resulted in 300,000 Medicare beneficiary numbers being compromise. This has ramifications
for all of us, not just the individual whom the number belongs to. According to
MedPage Today and the New England Journal of Medicine, breaches
in patient information can enable insurance fraudsters to defraud private
insurers as well as Medicare and Medicaid. Taxpayer money is then drained away
from services, resulting in waste and higher costs for beneficiaries. Additionally,
patients can suffer harm if hackers change information in the patient’s EHR. Mislabeling
a medical condition can lead to improper treatment, and changing the frequency
that a prescription can be filled can leave patients without critical medicine.
Auditors and their colleagues from the Office of
the Inspector General (OIG) at the Department of Health and Human Services
(HHS) recommend that best practices for security be employed both in and out of
hospitals. They recommend measures like password protection, firewalls,
antivirus software, private consultation rooms, controlled prescription pads,
paper shredding, biometrics, and secured copy machines.
The same security practices should be employed when healthcare
workers access records from home laptops or home computers. These networks are
often less secure, and scammers can obtain information to use when calling
hospitals or practices pretending to be referring physicians, pharmacies, friends,
or family.
The Office of the National Coordinator for Health Information
Technology (ONC) recommends best practices for mobile devices here.
No comments:
Post a Comment