The field of health and medicine has changed drastically over the past few decades. No longer are paper files used to store patient information; computers and other electronics are now being used for this purpose. The “digitization” of medical records has undoubtedly improved the medical field, allowing for faster service. But it has also raised concerns regarding patient privacy, as medical computers and devices can be hacked just like any ordinary computer.
It's estimated that nearly half of the US adult population has been the victim of a hack attack. Hackers may target users for their financial and personal information. Unfortunately, though, there's been an increasing number of attacks on medical companies, as well, such as Anthem and Premera, Inc. Hackers have stolen millions of documents containing the Protected Health Information (PHI) of patients, prompting government officials to sound the alarm over the need for stronger privacy and security in the medical field.
The Food and Drug Administration (FDA) recently announced that it was requiring all manufacturers of medical devices to build cyber security measures into their new devices. According to the new guidelines, manufacturers must implement meaningful cyber security measures in their devices to protect against hacking and unauthorized intrusion. The exact measures required will vary depending on the type of device, its intended use, vulnerability concerns, and risk to the patient.
The Office for Civil Rights (OCR) has also begun to crack down on violations stemming from the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Unlike the HIPAA Privacy Rule, the Security Rule pertains strictly to electronic forms of PHI, which is often stored on computers and digital devices.
Doctors and other covered entities are required to implement safeguards to prevent the unauthorized access of patient data. These safeguards can be broken down into several different categories, including physical, technical and administrative. Physical safeguards involve tangible preventative measures, such as locked doors and privacy screen protectors; technical safeguards refer to digital measures to protect patient data, such as firewalls, proactive network monitoring and unique user logins; and administrative safeguards refer to policies and procedures that are intended to protect patient data from disclosure.
The medical field is certainly changing, with physicians becoming more reliant on digital technology. The good news is that laws are now catching up to help secure patient data while preventing disclosures from happening.