If one could sum up the 2010s in one word, that word would be “data.” And the healthcare industry has not been immune to the data revolution. The Health Insurance Portability and Accountability Act’s (HIPAA) primary area of concern in 2017 has been data security. That said, HIPAA breaches such as employee gossip still pose a threat to protected health information (PHI).
Students pursuing a Doctor of Nursing Practice program must be intimately familiar with HIPAA and cybersecurity. Their careers will bring them into close contact with protected confidential material on a daily basis. They will also be tasked with finding new ways to train their nursing staff to identify and help combat cybersecurity threats.
Over the past few decades, everything from medical records to prescriptions, credit card numbers, insurance information, and confidential details of all sorts has been transferred from paper files to computers in the form of electronic health records (EHRs).
The benefits of EHRs include portability, accessibility by multiple users, and networkability enabling providers, patients, and payers to coordinate efficiently. However, EHR security breaches range from simple flaws in network security to determined, focused attacks maliciously orchestrated by expert hackers.
In May 2017, a simple authentication flaw in Molina Healthcare’s network exposed up to 4.8 million patient records. The exposed data included names, addresses, birth dates, diagnoses, and other medical information about individual patients, according to healthcare IT expert Jessica Davis in her Healthcare IT News article, “Molina Healthcare Breached, Exposed Patient Data For Over A Month.”
While the majority of HIPAA breaches involve unauthorized access to protected information, the ways these breaches begin don’t always involve computer hacking. Data breaches can start with something as seemingly innocuous as a lost cell phone.
Several types of HIPAA violations can be found among healthcare organizations, according to HIPAA training authority Jason Karn in his NeuMD blog post, “The Top Ten HIPAA Violations And How To Prevent Them.” They include:
Essentially, healthcare facilities can best avoid HIPAA violations through proper training, encryption of sensitive data, and the establishment of strict procedures. Students studying to be doctors of nursing practice will eventually be in positions to have responsibility for their patients’ PHI.
Training programs must also focus on the social networking habits of healthcare employees. Personal social network accounts should be kept separate from business accounts, personnel should avoid “friending” patients, and everything posted on social media should be assumed to no longer be private, according to healthcare law expert Kyna Veatch in her Law360.com article, “A Checklist For Avoiding HIPAA Violations On Social Media.”
Most modern-day HIPAA violations involve EHRs, in one way or another. EHRs can be accessed through healthcare facility computers, doctors’ and nurses’ mobile devices, and apps installed on patients’ smartphones. More access points to secure networks mean more security vulnerabilities.
Calyptix Security warns healthcare businesses in its company blog post, “Healthcare Data Breaches Expected To Dominate 2017,” that stolen EHR information can be used to open fraudulent credit cards, bill insurance companies and government medical services (including Medicare or Medicaid), create fake IDs, and obtain controlled substances.
Ransomware is potentially the worst possible hacking assault a healthcare organization can face. In a ransomware attack, hackers break into a secure system and encrypt files so that they can no longer be accessed. The hackers then exchange the decryption key for a ransom (usually in Bitcoin).
Encrypted files will grind a healthcare business to a halt. Patients’ medical records will be inaccessible for the duration of the attack, so unless a backup copy exists on a separate server or in hard copy, healthcare providers will find it next to impossible to treat patients.
Even though some hospitals have paid ransoms to hackers in the past, the FBI recommends never paying. The best way to guard against ransomware is to have separate backup servers in place, just in case.
Duquesne University’s online Doctor of Nursing Practice program educates graduates to be ready and able to affect the way healthcare is practiced. Coursework in healthcare policy, finance, information systems, and translating evidence into practice will enable students to increase their facilities’ overall efficiency and effectiveness by adapting policy to the ever-changing landscape of healthcare. Contact Duquesne University today to learn more about its online DNP degree.