Data Security as Healthcare Goes Digital


In a trend accelerated by the Covid-19 pandemic, patients and their healthcare providers have been transitioning to partially digital models of service. In these models, many services now can be offered by phone, video call, secure messaging apps, and more. Patients have largely appreciated the greater access and convenience. Meanwhile, care providers have been able to work more efficiently thanks to more technology support.

However, this shift to a hybrid model of care hasn’t been completely smooth. Cybercriminals have taken advantage of sometimes messy transitions to break into healthcare databases, hold computer systems for ransom, and make off with private patient data. In 2021, there were a record-breaking 686 healthcare data breaches that left almost 45 million healthcare records exposed or stolen.

This is a complicated problem. Patient medical files have always needed to stay accessible to the right people. A few years ago, it was simple enough to keep paper files in a secure room and sign in when someone needed to read them. But healthcare will continue its recent trend of becoming distributed, delivered as smaller units of care by several specialists, providers and assistants.

Patients seeking convenience began moving away from the centralized hospital setting to the local urgent care and now, increasingly, into the home, as seniors choose to age in place. This has created a demand for the medical record to be accessible in real time to multiple providers. Now many files exist as purely digital copies. And these files are only as safe as a healthcare provider’s computer and network systems.

Care agencies have been stepping up in the face of this growing problem with a multi-pronged approach to information security. Patients and clients, meanwhile, also have a vital role to play in preventing data breaches.

What Causes a Data Breach?

Data breaches are usually caused by weaknesses in existing technology or mistakes in user behavior. On the technology side of things, breaches may happen when software isn’t updated to the latest security patch, or the web browser itself is hacked. Sometimes, patient files may be sent to an unsecured printer that can be hacked. In more physical events, hard drives may be removed from the building, or a laptop with login information may be stolen from an employee’s car.

On the human side, improper access to files by healthcare staff and patients can lead to data exposure, even innocently, as when a staff member borrows a co-worker’s computer station and accidentally reads or sends the wrong patient’s file.

Perhaps someone clicks on a false link or email attachment, infecting the hospital computer with malware. A patient may use an easily guessed password, or a user’s credentials may have been stolen on a different website where, unfortunately, they used the same password as for other applications.

How Healthcare Providers Protect Electronic Health Records

Electronic health records are typically kept in a healthcare provider’s database. What are these agencies doing to maximize client privacy? Current best practices include staying compliant with all legal regulations on data privacy such as HIPAA laws and local restrictions. Other measures include keeping patient data secure and encrypted at all points in the establishment’s network, including in peripheral devices like printers and fax machines.

Organization security officers proactively stay informed of current scams and potential security weaknesses, educating and then regularly re-educating staff on hospital policies to guard patient data, as well as how to identify potential cyber attacks and phishing attempts. Organizations are developing comprehensive response plans to hacking, both for a cyber attack in progress and for a data breach discovered after the fact.

Additional measures include using secure methods for virtual and phone-based patient visits, and educating patients on how to securely use hospital portals, video communication applications, and other technology that they may not be familiar with. Providers now need to keep a log of who accesses a patient file, when, and what changes they have made. And of course, regularly backing up data in a secure location means that if files are lost or tampered with, they can be reverted to a recent copy.

How Patients Can Help Protect Their Data

Cybercriminals may not be able to overcome a well-defended computer network, but the vulnerable point remains with the patients themselves. Education includes teaching people to protect their own data, from medical history to payment information, by establishing strong passwords and avoiding easily guessed ones like family names and home addresses. Further security comes with using a different password for each service provider, and setting a new password regularly, choosing something completely novel (instead of, say, tacking the current year onto the end of the old password).

Educated patients use two-factor authentication to log into a portal, and make sure they are completely logged out after a session. Some have begun using a VPN, spam filters, and antivirus solutions.

Other good habits include avoiding potentially unsecured networks such as those in cafes, and instead logging in only at home or at work; keeping security patches up-to-date on all devices including phones, tablets, computers, and wearable devices; and avoiding suspicious links and attachments sent by email. And as providers teach, when in doubt, patients should call them to verify online messages – using the provider’s real number, as listed on patient documents.

Security Breaches Need Fast Action

Patients and healthcare providers are partners in dealing with data security breaches. To minimize the damage, both sides need fast action and transparency.

The healthcare provider needs to implement their disaster plan as soon as they realize there has been an attack on their system or a successful breach. This plan should include alerting both government agencies and the patients. These agencies can step in and help contain the problem. Meanwhile, patients will be able to move quickly to protect themselves from fraud and identity theft.

On the other side of the equation, patients who realize someone else has their password need to inform the healthcare provider as soon as possible. The healthcare agency may be able to lock down their account, revert altered files, and protect other patients’ records. Ultimately, both parties have the same goal: excellent and convenient healthcare without sacrificing data privacy.

About Author

LaDonna Dennis

LaDonna Dennis is the founder and creator of Mom Blog Society. She wears many hats. She is a Homemaker*Blogger*Crafter*Reader*Pinner*Friend*Animal Lover* Former writer of Frost Illustrated and, Cancer...SURVIVOR! LaDonna is happily married to the love of her life, the mother of 3 grown children and "Grams" to 3 grandchildren. She adores animals and has four furbabies: Makia (a German Shepherd, whose mission in life is to be attached to her hip), Hachie (an OCD Alaskan Malamute), and Akia (an Alaskan Malamute) who is just sweet as can be. And Sassy, a four-month-old German Shepherd who has quickly stolen her heart and become the most precious fur baby of all time. Aside from the humans in her life, LaDonna's fur babies are her world.
