Every organization has tons of patient data that is accessed by numerous individuals, transmitted across networks via email or text, and even taken home on laptops, thumb drives or CDs. If it is not already in electronic form, soon all our health data will be online in some EMR, stored on servers in data centers for practices, hospitals or Health Information Exchanges. It is up to the CEOs, administrators and other leaders to commit to a culture of data security in their organizations. Data security doesn’t just happen. It starts with the people at the top of the organizations developing and implementing appropriate policies, procedures and technology and ensuring that their staff is trained to handle confidential data in a secure manner.
I won’t harp on the HIPAA security rule, audits and penalties. Most healthcare professionals have heard it a zillion times. Yet, there are plenty of examples in the news where the same organization ends up having a data breach in the same way, multiple times (laptops stolen with unencrypted patient data). You would think that these organizations would learn from their first data breach. The sad truth is that some healthcare organizations have decided that the cost of implementing appropriate security measures to protect patient data is much more than the penalties or other financial consequences of a data breach. These organizations are willing to take that risk. The people who suffer the consequences of the data breach are real people. They have to face the potentially disastrous consequences of their personal, financial and medical information being used in a criminal manner.
Leaders of healthcare organizations should consider the effect of a data breach on their patients’ lives. The simplest way to do this to take a moment and imagine if your own medical record was a part of the data breach. How would you feel? What would you do if your personal information was available on the internet for any criminal to use? After all doctors, nurses and healthcare administrators are patients too!