Cyber security and the need to protect vital information have recently been at the forefront of the news. Recent examples, including the hacking of Sony’s PlayStation Network and the RSA security breach, demonstrate that even well-protected networks are vulnerable to attacks of ever-increasing sophistication. I am sure that most people consider their personal health information to be some of their most closely guarded data, so we in the healthcare data industry have an obligation to do our utmost to protect the privacy of our patients.
A recent article in The New York Times by Milt Freudenheim revealed some startling statistics about security breaches of healthcare information. Freudenheim states that in the last two years alone, the personal medical information of over 7.8 million people has been improperly exposed. Incredibly, a single reported case involved the theft of 1.7 million records from an unlocked van belonging to a records management company.
In addition to the theft of information, vulnerabilities are rampant. An audit cited by Freudenheim noted that lax security, such as unencrypted personal information stored on machines that could be vulnerable to unauthorized access, continues to leave personal and health information at risk. Although the Health Insurance Portability and Accountability Act (HIPAA) of 1996 mandates, by law, that such information be kept private, the author states that tests show that nominally anonymized data can be de-anonymized using basic, commonly available computer tools.
As healthcare analytics professionals with access to databases and computerized medical record systems, we are always in contact with patients’ most private information – and not always in anonymous format. We must, therefore, take every precaution to ensure that the information we come across is kept secure. The most basic of precautions include:
- accessing databases and servers over secure connections (i.e., Virtual Private Network, or VPN)
- extracting and locally storing only strictly anonymized data
- encrypting any files that might contain identifiable information
- ensuring the physical security of your computer (i.e., strong password protection, encrypted hard drive)
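One way to test whether an extract is "strictly anonymized" before storing it locally is a k-anonymity check over its quasi-identifiers. This is an added example, not part of the original article; the column names, the sample records (constructed) and the generalization rules are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample extract: names and record numbers are already removed,
# but quasi-identifiers (ZIP, birth year, sex) remain. Columns are assumptions.
SAMPLE_EXTRACT = """zip,birth_year,sex,diagnosis
02138,1945,F,hypertension
02138,1945,F,diabetes
02138,1945,F,asthma
02139,1962,M,hypertension
02139,1962,M,asthma
02139,1968,M,depression
02141,1947,F,diabetes
"""
QUASI_IDENTIFIERS = ("zip", "birth_year", "sex")

def load_rows(text):
    """Parse the CSV extract into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def group_sizes(rows, quasi_ids=QUASI_IDENTIFIERS):
    """Count how many records share each quasi-identifier combination."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in rows)

def risky_rows(rows, k, quasi_ids=QUASI_IDENTIFIERS):
    """Rows whose quasi-identifier combination occurs fewer than k times."""
    sizes = group_sizes(rows, quasi_ids)
    return [r for r in rows if sizes[tuple(r[q] for q in quasi_ids)] < k]

def generalize(rows):
    """Coarsen quasi-identifiers: 3-digit ZIP prefix and decade of birth."""
    out = []
    for r in rows:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        g["birth_year"] = str(int(r["birth_year"]) // 10 * 10) + "s"
        out.append(g)
    return out

if __name__ == "__main__":
    rows = load_rows(SAMPLE_EXTRACT)
    for k in (2, 3):
        print(f"k={k}: {len(risky_rows(rows, k))} of {len(rows)} rows in groups smaller than k")
    coarse = generalize(rows)
    print("after generalization, k=3:", len(risky_rows(coarse, 3)), "risky rows")
```

Passing this check does not by itself make an extract anonymous; it only flags the combinations most easily matched against outside records.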
Data breaches can result in a financial (and reputational) hit to a healthcare organization. Healthcare analytics professionals must continue to earn the trust of healthcare leaders and patients alike by demonstrating respectful and secure use of private information.