Health Data is a Prime Target: How to Minimize Risk

Health Data is a Prime Target: How to Minimize Risk

More than 60 percent of healthcare organizations suffered a data breach in the past 12 months, according to information security researcher Ponemon Institute. In total, over 5 million healthcare records were exposed or stolen among entities studied by Ponemon.

Recent incidents show no abatement in cybercriminals’ attraction to healthcare data. For example, Florida Hospital reported earlier this month that patient information on 12,724 individuals might have been exposed through a malware infection on three of the organization’s websites. Three months earlier, St. Peter’s Surgery & Endoscopy Center in New York disclosed that hackers had potentially gained access to server-based medical records of nearly 135,000 patients.

Healthcare in the Crosshairs

Approximately 7 million patients will have their data compromised by hacks in 2019, estimates consulting firm Accenture, racking up billions of dollars in costs to hospitals and health systems.

What makes the healthcare particularly vulnerable?

A Computerworld report explains that healthcare data, which includes personal identifiers and medical histories, can be sold virtually unchallenged over time on the black market. In contrast, financial data often becomes useless once a breach has been discovered and passcodes changed. Cybercriminals, aware of the premium value of healthcare records, focus their attacks in pursuit of the greatest possible returns.

Other factors contributing to healthcare’s data security liability include:

  • increasing access to medical records as entities share information across integrated sites of care;
  • legal requirements to store medical records for extended periods of time;
  • efforts to connect electronic health record systems, often relying on unsecured patches that can open the door to unauthorized entry; and
  • inadequate education of employees about modes of cyberattacks.

On a broader scale, but not to be discounted, foreign governments’ so called “state actors” may attempt to accumulate healthcare data that could help in social engineering of future attacks. Such a tactic might deploy emails to individuals who have a specific medical condition — with malware linked to prompts for more information.

Risk Mitigation

Big data sets in healthcare, despite ever-increasing volume, can be managed through ongoing risk assessments and implementation of preventative security controls, such as continuous monitoring programs. However, those measures come at a cost that must be weighed against the uncertainty of threat protection.

“Each organization needs to evaluate risk and its security needs in the context of its organizational and business requirements to determine where it makes the most sense to invest their people, time and financial resources,” advises Christine Sublett, a member of the Department of Health and Human Services’ Healthcare Industry Cybersecurity Task Force.

NetDirector’s HealthData Exchange platform deserves consideration as healthcare organizations work through their cybersecurity evaluations. The system combines HIPAA-based security and HL7 standard interfacing compliance — with attestations available upon request. Additionally, NetDirector uses a physically secure Peak10 facility for hosting customer data. This approach ensures data integrity without the need for additional IT investment and the associated risk of self-managing connection points among exchange partners.

For more information on HealthData Exchange, please contact us or request a free demo.

Predictive Recurrence: The Fight Continues Against Opioids

NetDirector-Substance-spilled-pills

U.S. opioid overdose deaths spiked five-fold between 1999 and 2016, culminating in 42,249 fatalities two years ago, according to official statistics from the Centers for Disease Control and Prevention. The government figures also estimated 11.5 million Americans misusing prescription opioids and 2.1 million people confirmed with opioid use disorder.

Federal response has prioritized better addiction prevention, treatment and recovery services, along with improved public health surveillance and new approaches to pain management.

Meanwhile, academic and private sector entities are making headway applying technology to combat the nationwide epidemic.

How Technology Can Help

Researchers at the University of Colorado investigated how frontline physicians could identify patients susceptible to chronic opioid use. A study published in the Journal of General Internal Medicine (February 2018) applied a statistical model to retrospective electronic health record (EHR) data and correctly predicted chronic opioid therapy (COT) — a measure of future chronic opioid use — in 79 percent of hospitalized patients.

Integration of the COT model within EHRs could enable clinicians to “provide early patient education about pain management strategies and [potentially] wean opioids prior to discharge while incorporating alternative therapies for pain into discharge planning,” says the research team’s report.

Among the variables incorporated into the model: medical and health diagnoses; substance and tobacco use disorder; chronic or acute pain; surgical intervention during hospitalization; past year receipt of opioid or non-opioid analgesics or benzodiazepines; opioid receipt at hospital discharge and morphine equivalents prescribed per hospital day.

Lead author Susan Calcaterra, MD, told Health Data Management, “The nice thing is that all of the data required to assess risk are available already documented in the EHR, and providers do not need to ask for additional information from patients.”

The research team, which anchored the study at a Denver safety-net hospital, plans to expand its work to validate the model in a wider patient population.

Separately, a paper released (May 2018) by health information network Surescripts focuses on technologies that could inform decisions at the point of care with more actionable intelligence. The paper points out that standard transactional information flow — captured in medical and medication histories, electronic prescriptions, provider communications and medication adherence alerts — could help close the loop on drug diversion and improper dispensing.

Simply increasing use of current technologies could have a significant impact on curtailing the opioid epidemic, the paper emphasizes. Author Paul Uhrig writes, “[The] good news is that health data and information technology exist today that can lead to better care decisions and curb fraud and abuse.”

Automated Tracking

Likewise, NetDirector is actively engaged in leveraging integration technology in support of addiction recovery caregivers. Cloud-based integration with state-sponsored controlled substance databases allows seamless monitoring and comparison of data to ensure that recovering patients are not seeking drugs beyond their treatment program.

Integration is live for North Carolina, with application to other state programs available on demand. Delivered on a platform-as-a-service basis, the Controlled Substance Tracking Model is priced per data extraction/use. For more details on pricing and delivery, contact NetDirector or request a free demo.