Breach of Privacy!
It is a phrase that strikes dread into the hearts of the victims, for it signifies that someone has accessed confidential data without permission. It also means that unscrupulous hackers have managed to enter highly secretive and supposedly safe places, despite the strictest security measures in place. They have managed to make a mockery of the latest ethical technological advancements in the world, via their own highly unethical ones.
Concerns about the breach of privacy are nothing new. They have been in place for years, with both, the ethical and non-ethical sides doing their best to outwit each other. Industries and the IT arena have specifically suffered. However, the most disastrous events in modern times seem to have made the healthcare industry a favorite target. The healthcare industry is keen to adopt digitalization in all ways possible, believing that it will be able to provide improved care for all. Healthcare technologies would be able to reach the remotest corners of the earth, and help the patients. However, this kind of progress also brings a new evil in its wake – breaching of patient privacy.
The following news items evince this. According to an article published by the University of Illinois, Chicago, over 750 incidents of breaches of data breaches took place in 2015 alone, wherein over 193 million records belonging to diverse patients, became victims of identity theft and fraud. Another shocking incident involved Anthem, a health insurance company. Over 78.8 million members and employees found their names, social security numbers, residential addresses, etc., becoming public knowledge. Other institutions that came under attack, included Ponemon, Premera Blue Cross, etc. Bear in mind that all these establishments are in the U.S. Just one nation confronted so much of suffering! However, if it were possible to take every such incident across the globe into consideration, the resulting statistics would be overwhelming indeed! Furthermore, it is obvious that these are not mere rumors. The very fact that millions of people have encountered fraud, suffices to indicate that everything is true!
At the same time, it does sound odd, doesn’t it? What would ‘thieves’ want with the details of other people’s illnesses? Surprisingly, they prove of great monetary value to them. Otherwise, they would not be indulging in such a seemingly ‘silly’ task. To illustrate, one advantage of having intimate knowledge about terminal illnesses or sexually transmitted diseases at their fingertips, would be the ease of practicing blackmail. In other words, it would be simple to coerce the victims into parting with huge sums amounts of money for not making such details public. Extortion is a very real crime, which has been in existence for ages.
Another advantage for the fraudsters, is the ‘borrowing’ of medical identities. Hitherto, we have only heard of people stealing bank details or social security numbers. However, in this scenario, they take over the identities of genuine patients for themselves. This enables them to indulge in tax frauds, initiate frauds involving home loans, etc. Naturally, the real owners of these identities have no option but to pay for all the mistakes being committed in their names. It also becomes possible for these thieves to undertake complicated medical treatments under assumed names, or even encouraging their illegitimate clients to do the same after handing over fat commissions. As a result, the insurance companies find themselves confronting huge bills. Thus, the theft of medical data can have long-term effects, ultimately impacting the entire healthcare industry as a whole.
There is no denying that theft of patient data is a matter of serious concern. However, healthcare information systems are here to help, and not hinder, the disbursement of medical aid to a world with a growing population. The medical fraternity cannot just discard these systems. An insight into some of the systems that are in vogue, should help.
It stands for electronic healthcare records. Earlier, hospital staff had to expend spend a lot of time and energy into maintaining patient records, albeit manually. Today, it is easy to record the same details into on a computer. This saves on time, effort, and paperwork. It eliminates human errors to a great extent. Above all, it helps medical professionals to transfer data across diverse departments, thereby providing holistic and collaborative care to each patient.
This refers to remote patient monitoring. Here, medical sensors are in place. They observe the concerned patient’s bodily operations, and record the outcomes. A study of such details enables the medical fraternity to predict medical complications that may follow regarding the concerned patient. In turn, it becomes possible to prevent them from occurring, by taking relevant actions beforehand. RPM aids in reducing readmissions to the hospital too.
Large-sized medical institutions find the idea of having a primary patient index system in place, highly useful. Each admitted patient’s details goes into storage within a master database. Therefore, healthcare professionals may access them whenever and wherever necessary. Furthermore, it prevents duplication of patients’ records.
This refers to the patient portal, which is extremely useful for patients. With the aid of their Smartphones, desktop computers, laptops, or tablets, patients may access information about themselves and their respective medical conditions. They may also request appointments, pay bills, etc., by using this portal.
Medical professionals may prescribe medications for their patients, and forward them directly to the concerned pharmacists. This helps immensely, for handwritten notes are often extremely hard to decipher, and can lead to serious errors in handing out relevant medications. Thus, administrators ensure the maintenance of patient safety. Additionally, there is an automatic recording of the concerned patient’s medication history from the beginning to the time of discharge.
Medical Practice Management System
It helps to streamline the multiple and diverse activities taking place in the day-to-day running of a medical institution. Even administrative tasks become easier to handle. In other words, the amount of paperwork and manual labor becomes lesser.
Medical Billing Software
Medical billing is a critical task, yet extremely time-consuming in nature. With health insurance companies demanding accuracy in everything, the department, often overloaded with multiple tasks, struggles with both, managerial, as well as billing duties. Therefore, medical billing software proves to be a real boon, ensuring that there is automatic recording of everything in a timely and accurate manner.
Urgent Care Applications
In action 24 x 7, such applications keep track of patients requiring need for emergency services. Patients can also access informative articles related to medicine and treatment, keep an eye on their own treatments, etc.
Suffice to say that healthcare information systems store extremely sensitive data, and need all the protection that medical establishments can provide them. To their credit, the users are striving to do everything they can, to prevent breach of patient privacy. Regardless, the thefts continue unabated.
Does this mean that healthcare authorities do not take adequate care via rules and regulations?
This is not true, for nations across the world outline what they expect medical institutions utilizing healthcare technologies to do. In fact, the consequences of not adhering to the policies, can result in stringent legal action against the perpetrators of crimes. Nonetheless, criminal mindsets manage to discover the loopholes, or even use various software to advantage, for accessing medical data. Therefore, it is a constant battle of wits between the initiators and the preventers of criminal activities involving the medical arena.
The biggest and most common cause is human errors. Every medical establishment must bring together, scientific knowledge, technology, rules and regulations, and bureaucracy, for it to function with reasonable success. In the eagerness to comply with everything, humans are bound to make mistakes. For instance, the wrong information may reach the wrong patient, or go to the wrong doctor. In case, the information is extremely sensitive in nature,, terrible consequences are bound to follow. Then again, certain important data may fail to find its way to the computer. Such omissions may prove costly for patients coming in with acute/chronic ailments. Sometimes, there is no appropriate disposal of unwanted documents. Sometimes, they are left lying around unnecessarily. There could be technical glitches at times. In short, human hands and careless mindsets can become responsible for awarding easy access to confidential patient data.
Another reason is allowing multiple users to have the same log-in details. There is no guarantee that the users are going to log in and log off carefully, after accessing requisite information. The commonest excuse is – no time to take care of it now. This results in leaving everything open to public display. Sometimes, people, who do not really need to go through patient data often, misuse the privilege that the authorities have awarded them. Like all other human beings, medical staff tends to gossip too. It is akin to word-of-mouth advertising about things that should remain hidden within computer systems, and not find their way outside them. Insiders, keen to make a fast buck, may have no compunction about sharing information with outsiders.
Often, patients may require transferring from one medical facility to another. This necessitates the transfer of healthcare data too. There could be leakage of data during this process of transfer. The information may find its way to the wrong healthcare facility, or even to the wrong healthcare professional. Such errors work to the advantage of hackers.
Finally, the hospital authorities may not be aware of it, but malware/spyware may have found its way to the computer network governing the storage of patient data.
It is obvious that mere encryptions in place will not serve the purpose. Medical establishments need to have an experienced technical team in place. These teams should check and test security measures regularly, as well as, keep all security software updated. In fact, the updating should take place regularly. Another precaution that the administrators can take is to request the technical team to replace existing software with new entrants on a regular basis. After all, IT companies strive to add improved features to existing software all that time. Regular replacements will make it difficult for hackers to become acquainted with them. It would be good to change existing software regularly, such that hackers find it difficult to cope with diverse kinds of technologies.
If possible, it would be good to limit the number of users accessing patient accounts. Similarly, administrators must take care to inform the staff about the importance of logging off websites. Regardless of the constraints placed on their time, the staff must display responsible behavior always. Then again, it is not necessary to grant hospital administrators easy access to patient databases. After all, they rarely have anything to do with patient care. In fact, they become soft targets for unscrupulous hackers. Similarly, not everyone involved with patients’ needs to go back to peruse patient data regularly. Such people should have restricted access, thereby preventing the public from gaining access to private information.
Most breaches of privacy occur when the clerical/registration staff is collecting the personal details, medical history, etc., of each patient. Sometimes, there is a steady flow of patients, causing the staff to feel overwhelmed. These individuals are only human, and prone to becoming confused at times. For instance, two patients may have similar first names and last names. Then again, there could be patients presenting themselves with similar illnesses. Some patients tend to feel impatient and harassed, thereby adding to the existing confusion. Whatever be the reason, individuals handling the entries of patient details onto computer systems, may well find themselves placing the wrong details into the wrong categories. They find themselves wasting a lot of time on rectifying these errors. Sometimes, no rectifications can take place, since the errors themselves go unnoticed. Thus, patient data is on public display at collection time, permitting alert hackers to create mischief.
Patient data may also undergo theft at the endpoint, that is, after all the information has undergone collections and categorization. Every member involved in this tedious job has access to the same log in details. As a result, the database tends to remain open to public eyes for quite some time.
Therefore, it is vital to have protective measures in place at the collection point and the endpoints. Extreme care should come into play during the transfer of patient data from one establishment to another.
Above all, it is vital that medical personnel and non-medical staff remain vigilant always. Should they notice anything unusual, they should report it immediately to the concerned authorities.
Patients come for treatment with open hearts and open minds. They place immense faith in the people looking after them, to keep their ‘secrets’ safe. It proves traumatic when they discover a ‘betrayal of faith’, whether it occurs knowingly or unknowingly. As a result, they may not be so willing to part with vital information the next time they visit a medical practitioner. This can prove detrimental to their health, and even cause life-threatening issues at times. Therefore, the manufacturers of healthcare management systems and medical establishments must work in harmony to prevent leakage of sensitive patient information.