Whether you’re a small practice or a city hospital, your management of patient data is critical to the safety of your patients and your organization. This means knowing fact from fiction when it comes to the best security practices. Here are 10 myths about patient data security with tips on how to best ensure its safety.
Myth #1: Patient data stays within the practice where it was submitted.
According to the Health Insurance Portability and Accountability Act (HIPAA), practices can share de-identified patient data under either of two methods. First, the “safe harbor” method involves removing 18 categories of individually identifiable data. Second, under the “expert determination” method, a qualified expert, such as a professional in statistics, must review the data and formally approve it as “de-identified.”
Sharing de-identified data in this way also helps facilitate medical studies on public health, epidemiology studies, life sciences research, retrospective cost analysis, operational improvement, and more.
Myth #2: You cannot identify a patient from anonymized data.
Even when data has been anonymized as required or recommended by data security best practices, re-identifying a patient from that data can still be possible. However, if data has been de-identified down to an aggregated census data level, it can’t be linked back to an individual.
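The two points above, safe harbor de-identification (Myth #1) and the fact that insufficiently generalized records can still be singled out (Myth #2), can be shown in code. The following is an added example, not code from the original article or from Scale Technology: it applies a subset of the safe harbor rules (dropping direct identifiers, truncating ZIP codes to three digits, reducing dates to the year, and grouping ages over 89) to a few constructed records, then measures k-anonymity over the remaining quasi-identifiers. Field names, the sample records, and the choice of quasi-identifiers are assumptions for illustration; the safe harbor population check for sparsely populated ZIP3 areas is omitted.

```python
"""Safe harbor style de-identification plus a k-anonymity check.

Added example, not from the original article. Field names, sample records
and the quasi-identifier set are assumptions made for illustration.
"""
from collections import Counter
from datetime import date
import re

# Assumed field names for direct identifiers; these are removed outright.
DIRECT_IDENTIFIERS = {"name", "mrn", "ssn", "phone", "email", "street"}

# Fields that remain after de-identification and could still be combined
# to single a person out (assumed set).
QUASI_IDENTIFIERS = ("zip3", "age", "sex", "admit_year")

# Constructed sample records (not real patients).
AS_OF = date(2024, 1, 1)
SAMPLE_RECORDS = [
    {"name": "A. Example", "mrn": "000001", "ssn": "000-00-0001", "dob": date(1990, 5, 10),
     "zip": "72201", "sex": "F", "admit_date": date(2023, 3, 1), "diagnosis": "J18.9"},
    {"name": "B. Example", "mrn": "000002", "ssn": "000-00-0002", "dob": date(1990, 11, 20),
     "zip": "72205", "sex": "F", "admit_date": date(2023, 7, 12), "diagnosis": "E11.9"},
    {"name": "C. Example", "mrn": "000003", "ssn": "000-00-0003", "dob": date(1931, 1, 2),
     "zip": "72201", "sex": "M", "admit_date": date(2023, 2, 2), "diagnosis": "I10"},
    {"name": "D. Example", "mrn": "000004", "ssn": "000-00-0004", "dob": date(1928, 6, 15),
     "zip": "72201", "sex": "M", "admit_date": date(2023, 9, 9), "diagnosis": "I10"},
]


def generalize_zip(zip_code):
    """Keep only the first three ZIP digits (safe harbor). The rule that replaces
    them with 000 for ZIP3 areas under 20,000 people is omitted here."""
    digits = re.sub(r"\D", "", zip_code or "")
    return digits[:3] + "00" if len(digits) >= 3 else None


def generalize_age(birth_date, as_of, aggregate_over_89=True):
    """Age in years; ages over 89 collapse into one '90+' bucket when enabled."""
    age = as_of.year - birth_date.year
    if (as_of.month, as_of.day) < (birth_date.month, birth_date.day):
        age -= 1
    if aggregate_over_89 and age > 89:
        return "90+"
    return str(age)


def deidentify(record, as_of, aggregate_over_89=True):
    """Return a new record with direct identifiers removed and dates generalized."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIERS:
            continue  # drop direct identifiers outright
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key == "dob":
            out["age"] = generalize_age(value, as_of, aggregate_over_89)
        elif key == "admit_date":
            out["admit_year"] = str(value.year)  # dates keep only the year
        else:
            out[key] = value
    return out


def k_anonymity(records, quasi_identifiers=QUASI_IDENTIFIERS):
    """Smallest group size sharing the same quasi-identifier tuple.
    k == 1 means at least one record is unique, i.e. a re-identification candidate."""
    groups = Counter(tuple(r.get(q) for q in quasi_identifiers) for r in records)
    return min(groups.values()) if groups else 0


def demo_k(aggregate_over_89=True):
    """k-anonymity of the sample set after de-identification."""
    cleaned = [deidentify(r, AS_OF, aggregate_over_89) for r in SAMPLE_RECORDS]
    return k_anonymity(cleaned)


if __name__ == "__main__":
    print("k with ages over 89 grouped:", demo_k(True))    # 2
    print("k with exact ages kept:    ", demo_k(False))   # 1: two records are unique
```

With the age bucket applied, every remaining record shares its quasi-identifier tuple with at least one other record (k = 2). Keeping the exact ages of the two patients over 89 drops k to 1, which is the situation Myth #2 warns about: the records look anonymous, yet each of them is unique on fields an outside dataset might also hold.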
Myth #3: Medical devices can’t cause an electronic health record (EHR) security breach.
When considering how to increase data security, medical devices are often ignored, because they don’t typically store protected health information. They are, however, connected to the network and often the Internet, and could therefore give an attacker a path into other areas of the network.
Thus, as a data access security best practice, avoid enabling remote desktop protocols (such as RDP) on medical devices, so that they do not hand a potential attacker an entry point.
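A practice that follows this advice should also be able to verify it. The script below is an added example, not code from the original article or from Scale Technology: it scans firewall log lines for allowed Remote Desktop (TCP 3389) connections whose destination lies in a medical-device network segment and notes whether the source is outside the practice’s own address space. The log format, the device segment (10.20.0.0/24), the internal range (10.0.0.0/8) and the sample lines are all constructed for illustration and do not correspond to any real product’s format.

```python
"""Flag allowed RDP traffic reaching a medical-device segment.

Added example, not from the original article. Log syntax, subnets and
sample lines are constructed assumptions.
"""
import ipaddress
import re

# Assumption: imaging and bedside devices live in this segment.
DEVICE_SEGMENT = ipaddress.ip_network("10.20.0.0/24")
# Assumption: everything the practice owns is inside this range.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
RDP_PORT = 3389

# Constructed log lines in a simple key=value format (not a real vendor format).
SAMPLE_LOG = """\
2024-05-01T08:00:01Z action=allow proto=tcp src=10.10.5.23 dst=10.20.0.17 dport=3389
2024-05-01T08:00:05Z action=allow proto=tcp src=10.10.5.23 dst=10.10.8.4 dport=3389
2024-05-01T08:01:10Z action=allow proto=tcp src=203.0.113.9 dst=10.20.0.31 dport=3389
2024-05-01T08:02:00Z action=deny proto=tcp src=203.0.113.9 dst=10.20.0.31 dport=3389
2024-05-01T08:03:00Z action=allow proto=tcp src=10.20.0.17 dst=10.20.0.50 dport=104
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it doesn't match."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    event = match.groupdict()
    event["dport"] = int(event["dport"])
    return event


def is_internal(address):
    """True when the address falls inside the assumed internal range."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in INTERNAL_NETS)


def rdp_to_devices(log_text):
    """Return allowed TCP/3389 events whose destination is in the device segment.

    Each returned event gains a 'from_outside' flag so that connections arriving
    from outside the practice can be prioritized during review.
    """
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event["action"] != "allow" or event["proto"] != "tcp":
            continue  # denied, non-TCP or unparseable lines are not of interest here
        if event["dport"] != RDP_PORT:
            continue  # e.g. DICOM on port 104 between two devices is expected traffic
        if ipaddress.ip_address(event["dst"]) not in DEVICE_SEGMENT:
            continue  # RDP to an ordinary workstation is out of scope for this check
        event["from_outside"] = not is_internal(event["src"])
        hits.append(event)
    return hits


if __name__ == "__main__":
    for hit in rdp_to_devices(SAMPLE_LOG):
        origin = "EXTERNAL" if hit["from_outside"] else "internal"
        print(f"{hit['ts']} RDP to device {hit['dst']} from {hit['src']} ({origin})")
```

On the constructed sample, two events are reported: an internal workstation reaching a device, and an external address reaching another device. The denied attempt and the DICOM transfer on port 104 are ignored. In practice the same check would run over the firewall’s real export, and any hit is a device that still has a remote desktop entry point the text recommends removing.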
Myth #4: All patient data is 100% accurate.
Medical records are considered highly sensitive data and are awarded some of the highest levels of healthcare IT security. But they’re still not always accurate. When patients are asked uncomfortable or awkward questions, they can and sometimes do lie to avoid embarrassment.
For this reason, some economists argue for applying behavioral economics to build a more complete picture of this situation. Of course, this doesn’t make patient data security any less critical, since distinguishing genuine from false data at this stage is not yet possible.
Myth #5: Patient data represents a full scope of the patient’s health.
Although patient data requires high levels of protection, it doesn’t paint the entire picture by itself. In order to see the full scope of a patient’s health, you would need access to a patient’s lifestyle data and patient data over a very long period of time. This would allow you to form a Longitudinal Life Record (LLR), a format that provides a much greater representation of a patient’s health.
Myth #6: Patching a medical device can cause an electronic health record (EHR) security breach.
Some believe that patching medical devices can cause the device to stop working, which would seriously affect the work of a medical professional. However, failure to patch can actually put patient data security at risk. This myth stems from device manufacturers making such claims to avoid making expensive changes.
Myth #7: Stationary imaging machines can’t put patient data security at risk.
MRI, CT, and similar imaging machines aren’t thought to pose any risk to data, so protecting them is often left out of data security practices. In truth, these devices are networked, and often Internet-connected, which creates potential access points for attackers. Using these machines only for their intended purpose is essential; anything else leaves them open to attack.
Myth #8: Patients own their own medical records.
Many believe that patients own their own medical records. This, however, isn’t true. Although they can access their own records, they don’t actually own them.
Ownership of patient data varies by geographic location and, in some cases, belongs to the physician or practitioner. In other cases, it belongs to the facility where the records were created.
Myth #9: Patients have no say in how their data is used.
Alongside the ownership myth, the belief that patients can’t control what happens with their data is common. Over time, many expect data security practices to shift so that patients have more control over what happens with their medical records.
Myth #10: HIPAA protects all kinds of data.
HIPAA is primarily focused on protecting the data surrounding patient-provider interactions. Some believe HIPAA also covers lifestyle data, such as data recorded by wearable fitness devices or found in gym records. That is only the case once a patient has given the data to a medical practitioner. Sharing such data with practitioners is becoming more common with remote patient monitoring, because certain patients require more thorough monitoring.
For more information
Ready to increase data security, and reinvent your digital healthcare organization? Scale Technology is here to help! Contact us today at (501) 213-3814, or submit this form to request a free IT consultation.