Recently, I was catching up on news about a major health data security breach that happened last year. The scope of the breach was staggering, with personal information for three quarters of a million residents exposed to hackers. The state has already spent $9 million on numerous upgrades and audits, and this expense is just the beginning of what they’re faced with.
As I was reading, I started thinking about an accident I passed on the way to work. There were three cars involved, all of which looked severely damaged. Paramedics were on the scene, indicating that people had been hurt.
What struck me were the many similarities between the two situations. Significant damage. Injury. And nobody saw it coming until it was too late. Like a car accident, the last thing anybody wants is a security breach. Nobody means for these things to happen, but they do. Oftentimes, it’s simply because there wasn’t enough time to take proactive steps to avoid it.
Being proactive about data security can save you money
In a recent article by Fierce HealthIT, Chuck Christian, CIO at Columbus, Ga.-based St. Francis Hospital, compares being proactive about security to buying insurance. “Getting and maintaining funding (for security) is always a chore; that is, unless you have an ‘issue’ that you’ve recently had to deal with.”
Having funding for security helps you to be prepared in advance for unknown risks rather than responding to a crisis and paying more out of pocket in the end. Breaches are extremely costly. In the case of the Utah breach, the total cost of fraud could ultimately be about $406 million, affecting mostly banks and retailers. Additionally, HIPAA violations can realize penalties of up to $1.5 million.
But the real value is more than monetary
Although avoiding crippling costs is a big factor, what I consider to be one of the real values of being proactive when it comes to security is that it enhances patient care. Traditional security programs – which often come with challenging policies and procedures – can inhibit the ability to use patient information in a timely manner. For example, traditional off-site medical image storage can be highly secure but it is typically less accessible than a highly secure cloud-based vendor neutral archive system (VNA). A cloud-based VNA designed with encryption of data both in transit and at rest can provide not only a highly secure environment, but also the flexibility that doesn’t lock you to a “secure” desktop machine. This means that you have access to your secure data wherever you go, and on any device.
A second “real” benefit to being proactive is that your hospital and patients are protected over the long term. Not only is it essential to secure health information, but also patient identity. Today, all it takes is a name, date of birth, and social security number to have your identity stolen. As the keeper of such trusted information, it is critical to the future of your hospital to ensure this data is protected.
Ultimately, it is important to choose technology partners who take a proactive approach to security in order to help you assess risk and implement long-term solutions. Like buying insurance, you’re then more likely to be prepared for whatever comes your way.
How about you and your health system? Are you prepared?