Tuesday, January 20, 2015
Healthcare data is at risk. Worldwide, people are trying to take patient’s information, and despite continued efforts to address security loopholes across the sector, simply “taking action” to mitigate damage is not an effective strategy and it won’t work long term.
According to an Identity Theft Resource Center report from 2014, healthcare accounts for 43 percent of major data breaches, overtaking the general business sector breaches for the first time. The organization claims the recent jump in healthcare breaches could be the result of tougher reporting requirements. Breaches come in a variety of forms and are not simply classified by a loss of patient records or identity theft. Breaches can be as simple as a staff member losing a laptop or other device that contains patient data or even losing a physical patient record.
For some perspective, since federal reporting requirements kicked in, the U.S. Department of Health and Human Services' database of major breach reports (those affecting 500 people or more) has tracked 944 incidents affecting personal information from about 30 million people. A majority of those records are tied to theft (17.4 million people), followed by data loss (7.2 million people), hacking (3.6 million) and unauthorized access accounts (1.9 million people), according to a Washington Post analysis of the data.
Also, take a look at the results of a recent Forrester study. According to the Wall Street Journal, Forrester conducted a survey of 2,134 health IT pros and found only 59 percent of healthcare IT professionals said they encrypt devices such as laptops, smartphones or tablets. Forrester analyst Chris Sherman, who wrote the firm’s report, told the Journal 39 percent of healthcare security incidents since 2005 have included a lost or stolen device. “Endpoint data security must be a top priority to close this faucet of sensitive data,” he said.
As breaches continue to occur and sensitive patient data becomes more highly sought after, some organizations are beginning to realize the importance of cloud-based storage solutions to house and protect their data in the hopes of preventing loss or breach.
The move to the cloud is supported by the fact that if patient and other practice information is stored remotely in a secure and protected manner, there is no need for the transfer or collection of data on laptops, portal hard drives or other mobile and physical devices. Thus, they feel, there’s less likely a chance the data will be lost because it is always available from a web portal rather than on multiple, easily breachable tools.
Still, fear of data being breached in the cloud persists, and this is a primary reason many hesitate to move their documents there.
The cloud is the cloud and it continues to generate news about its vulnerability to hacking, but there are HIPAA-compliant solutions available to practices such as FastVaults by MEA|NEA. Online storage methods such as this t allow providers safe remote storage and transfer of patient health data and other information pertinent for dental practices. While there are non-healthcare-specific cloud storage solutions such as Dropbox, services such as FastVaults are tailored to help practices protect sensitive documents and other information while making the data easily accessible from any device. Through these secure services practices can share files with referring providers, payers and even patients via secure links sent via email.
Cloud storage solutions also can reduce a practice’s dependency on paper and help eliminate the need for physical files and storage. FastVaults provides an essential, healthcare-specific, HIPAA-compliant solution that vastly increases the level of security of a practice’s stored documents while protecting information practices are charged with managing. Cloud services provide greater security than onsite digital storage on external hard drives, USB drives, CDs and DVDs, and even network servers. As a healthcare-specific cloud solution, FastVaults adds HIPAA compliance to its online storage solution which is something consumer level services from Dropbox and Google Drive do not.
Practice leaders are finding cloud solutions require minimal time and training to implement, and less to maintain and manage than their on-premise counterparts such as paper files that are really only as secure as the locks on the office doors. Data stored offsite in the cloud remains secure in the event of a catastrophe and is easily retrievable from anywhere there is a connection to the Internet.
Despite the flexibility and ease of the cloud solutions, an overwhelming question pervades, “Is the cloud as secure as dedicated, on-premise infrastructure?” This very question was recently addressed in detail in a RackSpace report.
According to the report, the cloud is no less secure than on-premise solutions. Cloud solutions are typically created with built-in security controls and features. Worth noting, though, is that the number of attacks is increasing for both cloud and on-premise. “From 2012 to 2013 vulnerability scanning attacks jumped from 27 percent to 44 percent for cloud-hosted environments, and from 28 percent to 40 percent for on-premise datacenters.”
Hospitals and healthcare organizations moving to the cloud are likely to face similar threat levels as if their data and technology were stored onsite. At this point, it would be foolish to proclaim that the cloud is less safe than on-premise solutions or that on-premise solutions are impenetrable to breach.
Keeping data on site doesn’t make it safer. Moving it to the cloud doesn’t make it more vulnerable to breach. Though this fact won’t help protect data in any way, it may help dental practice leaders realize there are alternative approaches or solutions to where data can be kept and how it is secured and managed.
Whether choosing an on site, server based approach or a cloud solution, every dental practice needs to take the steps to secure its data. Using commonsense methods and establishing partnerships with others who can do some of the heavy lifting for protection when it’s needed is the smart way to go.