Protect key data with digital security
Protect key data with digital security
With the Obama administration offering up to $19 billion in incentives as part of the federal stimulus package for medical providers to go digital, and the goal for every American to have an electronic health record by 2014, the potential for data breaches dramatically increases.
Going digital raises new security concerns for any health care organization's risk management team, who must work with IT to ensure their organizations remain HIPAA-compliant. Some health care providers are finding that technological advances can help mitigate the risk of a data breach and ensure patient privacy. The Hanley Center, a drug and alcohol rehab center in West Palm Beach, FL, recently tackled the issue and chose to electronically monitor how sensitive data are transferred.
Michael R. Counes, BS, CAC, MCSE 2K3, director of information technology and education at the center, says the growing risk of a data breach led Hanley to use technology designed to monitor transfers of data to removable media to make sure patient data are not leaving the premises and ensure confidential charts are not being accessed by people without an express need. The provider's system, which cost Hanley about $7,000, also monitors Internet usage and prevents some types of inappropriate access.
The Hanley Center has been using the monitoring software for two years, and Counes says it is primarily an educational tool for employees, rather than an enforcement tool.
"I find that 90% of our users are not the people going to look at things that are inappropriate or unethical," he says. "They just don't understand the impact of Internet use and accountability, especially with all the access to streaming movies, downloadable music, and social networking sites. They don't get how that kind of usage impacts our network."
Doug Taylor, marketing director for SpectorSoft, says the software works silently behind the scenes on the computer, recording a detailed description of any activity on that unit. The system even records screen shots of the computer usage so that, if the data report leaves any doubt about what happened, the screen shots can show exactly what the user saw at the time in question. The software can generate reports tailored to any particular concerns of the health care provider, he says. Some providers may want to monitor who is downloading the most files, for instance, or some may be concerned about who is accessing certain sensitive files.
The system also allows Counes to monitor USB downloads, which he says is critical in a health care setting. Without some type of monitoring, anyone with access to protected health information could easily download it onto a portable drive with no record of the transfer. Counes had considered restrictions that would make it impossible to download onto a portable drive, or require passwords to do so, but some departments, such as marketing, download onto drives so often that such restrictions would be too cumbersome.
"Now, I can allow the download, but I can monitor it on a daily basis and see exactly who downloaded what," he says. "I can see exactly what goes in and out of that USB thumb drive, down to the individual keys they type in."
In addition, the system can provide reports on exactly what employees are doing with their time on the computer - what sites they visit, what files they transfer, whether they use chat or instant messaging, what programs are used, and the length and time that the computer or individual programs are used. Some software systems, including the one Counes uses, allow the option of setting key words that will trigger alarms to the person monitoring usage. For instance, the health care provider can set certain words to trigger the system if anyone searches for them in a patient's medical record.
"With HIPAA compliance, it is critical to know what documents are being accessed and how, and you really don't get that kind of documentation unless you use some type of software system that can monitor automatically and generate a report for you," he says. "If there ever is any question about a breach, you will be able to go to your records and either show that it didn't happen, or figure out precisely how it did."
With the Obama administration offering up to $19 billion in incentives as part of the federal stimulus package for medical providers to go digital, and the goal for every American to have an electronic health record by 2014, the potential for data breaches dramatically increases.Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.