63% of U.S. Healthcare Organizations are Putting Patient Records at Risk
The majority of healthcare organizations are not doing enough to protect patient privacy, according to a report by IS Decisions, a security software provider.
To secure patient records, a healthcare organization must ensure that each employee has a unique login so that an unauthorized user cannot access a patient’s records. However, the IS Decisions report shows this is not happening.
82% of healthcare employees have access to patient data, but 30% do not have unique logins, which means that multiple employees could use the same login data. When this happens, it is impossible to tell whether a user is accessing records that they should not.
Another 37% of employees are given concurrent access, which means they can log on to a number of different computers at one time. Again, this endangers patient data and violates the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA rules specifically state that healthcare providers must:
- Ensure the confidentiality, integrity and availability of all patient records that are received, maintained or transmitted.
- Protect against anticipated threats to security.
- Protect against impermissible use or disclosure of patient information.
- Make sure employees are following these guidelines.
While it is important for doctors and other healthcare providers to have critical patient information at their fingertips, patients must have their privacy respected and protected. These possible security breaches not only endanger patient financial information, but could also allow unauthorized users to learn confidential details about patients’ health conditions.
There are a number of things healthcare organizations must do to comply with HIPAA. First, authorized users should be given unique login credentials and training on an access management system. Currently, 29% of healthcare professionals did not have security training when they were hired and only 55% of existing employees were trained.
“Healthcare organizations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients,” Francois Amigorena, CEO of IS Decisions, said in a statement. “Information of this critical and confidential nature should only be accessible by authorized users and it really should not be a complicated process. This can be easily achieved with the right combination of implementing access control policies, applying user identity verification and improving user activity auditing.”