Protecting Health Data – 3 Things to Consider

When you think of data that should be protected, health data is typically at the very top. From birthdates to social security numbers, this personally identifiable information (PII) is a hacker’s dream. And healthcare data breaches are on the rise, with some recent research showing a 138% increase since 2012. This is a problem not only for health care professionals but also for Federal health organizations, which require the latest data protection tools.

In a recent blog post, which I encourage you to check out here, Audie Hittle, Chief Technology Officer, EMC Isilon, shares three key areas that organizations should be thinking about when it comes to data protection strategies. Below I’ve highlighted these three ideas:

1) Encryption: Hittle noted that smart agencies will make sure that information is protected from the data center all the way to mobile phones. And more importantly, they’ll be sure to use the correct encryption approach to address a specific requirement, rather than more general solutions.

2) Disaster Recovery: Disasters, emergencies, and mistakes happen – sometimes out of our control, but nonetheless causing outages. To comply with HIPAA and HITECH regulations and avoid penalties, organizations must be able to fully recover from these outages within a few hours. According to Hittle, virtualizing IT environments is the answer, as it allows mission-critical applications to run constantly.

3) Backup: With sensitive data (and a lot of it) comes the need to back it up. Hittle stressed the importance of a disk-based, centralized backup system for better control of your data and a greater chance of meeting regulatory requirements.

Obviously, there’s a lot to consider when it comes to protecting health data (or all data). But Hittle’s list is a good start. Be sure to check out his blog here for more information on analytics best practices, health data, and how EMC can help your agency keep its information safe.

For even more information, check out EMC’s page on GovLoop.




One Comment


Karen Baker

Human error is a huge factor in health records. My last name is popular. My daughter’s record was linked by the pediatrician’s office to a man with the same name as her father – a man who never used the hospital system the pediatrician was associated with. My daughter’s record was linked to a woman with the same maiden name as my current name at her ENT doctor’s office. My cardiologist tried to send me off without a follow-up appointment because I already had one scheduled; however, it was yet another woman with my name who actually had an appointment. I received a third Karen Baker’s bloodwork in the mail, and ten years later, a condolences card for the death of her father in a hospital’s hospice unit. I went to a surgical follow-up appointment with a substitute doctor who had that same woman’s record in the room instead of mine. The visit record containing sensitive personal health information for a woman who visited an urgent care office the same day as me was stuck to my visit information, put into my record, scanned a year later into my electronic record and copied and given to me a year after that without a single medical records staff person noticing. Nobody from that office was willing to report a breach to the other patient, so I called her myself and told her. I had to tell my dentist that the X-ray on his light board was the wrong Karen Baker. My pharmacy record mysteriously showed me to be allergic to a medication I am not allergic to – but since there is no “documentation” as to who entered it – nobody will remove it. My shared electronic record shows I take a daily medication I cannot take as it would interact with a medication I do take and could kill me. Everywhere I go I have to try to get that medication removed from my medications list. Nobody knows how it got there.

I have been denied access to view my records when they are electronic because nobody has a policy on how to allow that. Therefore, I have to purchase them first. This is not how access to medical records is supposed to work.

There must be a way for all records to have some tag showing who entered data. There must be a better way to protect against “same name” mix-ups. There must be free access to view records – even electronic so patients can check the accuracy of their files. Someone is missing a serious allergy on their medications records because it landed in mine. Until these things are taken care of, shared e-records could lead to death.