At over $60 billion per year, Medicare fraud has become one of the most profitable crimes in America, say analysts. In South Florida, health information fraud has replaced cocaine as the major criminal enterprise. As health care providers have fully turned digital with Electronic Health Records that contain protected health information, health information data breaches are also increasing in number, frequency and magnitude across the globe.
Individuals tend to disclose the most intimate details about themselves to their doctors only with the trust that their health information will remain private and secure, whether it resides in a file at their doctor’s office, on a hospital chart, or in a claims form at their insurance provider. Protected Health Information (PHI) is being handled by a large number of stakeholders – physicians, therapists, clinics, hospitals, laboratories, pharmacists, insurers, insurance companies, law firms, telemedicine firms and other agencies.
These stakeholders are responsible for the confidentiality, integrity, and availability of all PHI they create, receive, maintain, transmit, or store. This responsibility includes implementing appropriate safeguards against any reasonably anticipated threats or hazards to the security or integrity of that information.
PHI - Threats & Vulnerabilities
Threats to protected health information emanate from both external attacks and internal sources.
External Attacks – Health care enterprises come into contact with a variety of people in a variety of ways. Sensitive information and IT resources need to be exposed or shared with partners, agencies and even customers. All these make the enterprises vulnerable to data breaches and cyber-attacks from amateur and expert hackers.
Internal Threats - Threats to information security do not always originate from outside. They may well arise right inside the organization. Disgruntled staff, greedy techies, tech-savvy contractors and sacked employees could act with malicious intent and misuse privileged access. Even untrained staff could unintentionally unleash a disaster. The business and reputation of some of the world’s mightiest organizations have been shattered in the past by a handful of malicious insiders.
Researchers point out that more than half of data breaches involve the participation of an insider, but only 10% are unintentional – whereas 90% are deliberate and malicious and usually involve misuse of privileges.
How to combat?
Preventing or detecting a breach requires that effective policies, procedures, and technologies are in place. Without proper technology in place, policies and procedures cannot be enforced and remain ineffective. The CISOs, CIOs, and IT security, privacy, and compliance personnel of health care organizations who are tasked with protecting PHI should keep in mind that the benefits of investing in technologies to prevent PHI breaches far outweigh the potential cost of setting them up.
ManageEngine is here to help!
Combating sophisticated cyber threats involving protected health information mandates a multi-pronged strategy incorporating a complex set of activities, including deploying security devices, enforcing security policies, controlling access to resources, monitoring events, analyzing logs, detecting vulnerabilities, managing patches, tracking changes, ensuring compliance, monitoring traffic and other activities.
ManageEngine has a range of affordable Enterprise Security Management Software Solutions that help you build a secure fortress enabling you to protect PHI, stay secure, ensure business continuity and enhance productivity.
A comprehensive and web-based Active Directory management and reporting software. Using ADManager Plus, automate time-consuming and painstaking administrative tasks such as user creation/modification/deletion; reduce administrative burden through helpdesk delegation; and generate compliance-specific reports.
An enterprise-wide Active Directory change auditing and reporting software so you can track each and every change in Active Directory; fulfill compliance requirements set forth by regulatory acts; and boost AD security through timely alerts and critical reports.
"Password Manager Pro is an excellent choice for password management."
Don Garvey, Director of Operations BlueVault, USA.