Hospital Data Loss Draws Tougher Scrutiny, Penalties
Every so often the medical community gets a reason to fear the loss of critical data concerning their patients’ personal medical information. Far greater than a lost laptop or stolen thumb drive, hospital data loss comes with some serious consequences when the system’s security has been compromised.
When it comes to data security, lack of care given to security or insufficient compliance practices will result in hospital data loss, and it’s a problem that happens far too often in the health care industry. Federal officials are taking notice, as are state officials, and they’re ratcheting up fines to push administrators into developing better practices. Some penalties can include jail time.
Sensitive information on millions of patients is lost every year. Close to 500 cases of lost data are reported every year to the U.S. Department of Health and Human Services, and each one of those cases resulted in the loss of a piece of hardware containing information on 500 or more patients.
Obviously, health care officials realize there is more that can be done in the area of cyber security and in compliance practices that would keep employees from casually losing small physical items that contain huge amounts of information. Safeguarding practices covered in the culture of compliance should be something the medical community is embracing at a more serious level.
One of the first things the health care industry should do is encrypt its data. Nearly 80 percent of all hospital data loss could have been curtailed if the information had been encrypted. Experts agree that hospital staffers in possession of patients’ medical data have not only an ethical responsibility, but a moral and legal responsibility to keep that data as secure as possible.
The American Hospital Association has been cited for not doing enough to manage safeguards that the medical community should be following. The association does recognize that as more information is stored electronically, hospitals need to take responsibility to safeguard that information.
Most people dealing with technology view data loss as something that happens when there is a catastrophic hardware failure or an act of nature that wipes out a data storage facility. Those situations do account for a majority of hospital data loss, but it’s human error that comes in second. Some instances of human error include the loss of laptop computers that contain the unencrypted data of tens of thousands of patients.
Most thieves are only interested in the computer or thumb drive itself rather than the data. But once it’s in the wrong hands, anything is possible, including identity theft. Health and Human Services can levy massive fines on institutions that violate privacy laws. In some cases they’ve handed down $1.5 million fines. Nearly every state in the union has laws that levy fines against violators or allow criminal prosecution when things go wrong.
For the critical care of critical technology, more medical practices are turning to OffSite Image Management, Inc., for their radiological data storage and data sharing needs. Disaster prevention is just one focus of OffSite, where business continuity practices keep health care professionals confident and in compliance.