Healthcare data security is a major concern for all practices, especially those transitioning into using Electronic Medical Records (EMRs).
Patients, too, care about their data privacy. In one report, 74% of those surveyed said that it was “very important” to them that they have some control over who has access to their personal information.
Data breaches related to private healthcare information continue to be an issue as well.
In March of this year, an estimated 106,000 patient records were breached in a single incident with a third-party vendor.
There was also a delay in the reporting of the incident, and the U.S. Department of Health and Human Services’ Office of Civil Rights fined those involved $475,000 for failure to report.
The costs of a breach are certainly high, but the real question remains: How much does it cost to prevent a breach from happening in the first place?
How Much Does a Healthcare Data Breach Cost?
Preventing a breach in privacy from occurring is certainly better than dealing with the aftermath of a security incident.
By 2024, it’s predicted that nearly $1 in every $5 spent in the U.S. will be on healthcare.
With an estimated 5.8 percent annual growth rate over the next decade, healthcare spending (as a share of GDP) is also predicted to rise from 17.4% to almost 20% in 2024.
With this growth, healthcare providers will be under mounting pressure to control costs, which includes making cuts to operational expenses, such as data loss prevention.
But the reality is that the cost of dealing with a breach will be significantly higher than the costs to prevent it.
The average cost for implementing an EMR system for a single physician is around $163,765.
But the average cost of a healthcare data breach is $4 million.
Challenges to Healthcare Data Security
That’s not to say that it’s always easy to prevent data loss.
There are many challenges, both financial and otherwise, that might prevent healthcare practices from implementing the proper safety measures.
1. It’s hard to capture data
Capturing data that is clean, complete, accurate, and properly formatted for use in multiple systems can be a problem for many healthcare practices.
In one recent study, EHR data matched patient-reported data in just 23% of records.
Having incomplete records can waste valuable hours (and payroll costs) for healthcare staff members who have to collect that information later on.
2. Data cleansing is expensive
In order to ensure that data is clean (so as not to waste staff hours), many practices will outsource their data cleansing.
Data cleaning – also known as cleansing or scrubbing – ensures that datasets are accurate, correct, consistent, relevant, and not corrupted in any way.
Some IT vendors offer automated scrubbing tools that use logic rules to compare, contrast, and correct large datasets.
While these tools are more precise and can reduce time and improve accuracy, outsourcing this process can also add to expenses.
3. Data storage can be equally pricey
While EMRs are important to data protection, and worth the cost, implementing and integrating an EMR system may be more expensive for smaller practices.
There’s also an issue of data storage costs.
While many practices are more comfortable storing their data on premises – which gives them more control over security and access – maintaining an on-site server network can be expensive.
A cheaper alternative is to use a cloud-based storage system, but that also leaves private data vulnerable in certain situations.
4. Third-party vendors may be vulnerable to a breach
Sometimes the security issue won’t be within your own practice, but with a third-party vendor who also has access to private data.
It will be important for healthcare practices to properly vet any third-party contributors and ensure that their technology and security practices are equally up to date.
But having a process or plan in place for a third-party data breach can be difficult for many healthcare practices.
5. Data can be hard to secure in general
Data criminals, like hackers, are also a large concern for many different industries outside of healthcare.
Hackers are getting smarter about how they procure sensitive information, and it can be difficult for many practices to prevent breaches from occurring, even under the best of circumstances.
The HIPAA Security Rule does include a list of technical safeguards for organizations storing protected health information (PHI), including transmission security, authentication protocols, and controls over access, integrity, and auditing.
But even the most secured data center can be taken down.
How Healthcare Practices Can Protect Their Data
So does this mean that nothing can be done to protect patient data?
Healthcare practices must carefully weigh the risks and costs of a breach when determining solutions to protect data privacy.
But there are some recommendations that every practice can follow to ensure that their data is kept safe to the best of their ability.
1. Work with reliable EMR and IT vendors
Ransomware attacks are one of the most common ways that data breaches occur.
It’s important for healthcare practices to use EMR software or IT technology that can alert users when a ransomware attack has occurred.
2. Notify the proper people if a breach happens
Keep in mind that if an attack happens, you will need to notify the proper authorities as well as any individuals who may be impacted by the event.
HIPAA already outlines the rules for breach notification.
3. Reduce human errors by training staff
Data security experts believe that the second biggest cause of data loss is human error.
Internal theft of personal information, whether accidental or intentional, can be a cause for alarm.
Computer access and any transfer of information – even over the phone – should be closely monitored. Staff should also be trained to properly store information in an EMR system.
4. Use common sense security practices
A recent study found that almost 90% of healthcare organizations either currently have antivirus software or plan to use it in the future.
85% also report that they are currently or soon will be utilizing email/web security.
Having even basic antivirus protection on all of your systems and computers is essential to protecting them from non-human threats.
5. Invest in protection
While healthcare data loss is not a new issue, healthcare is likely becoming a more prominent target because of the sensitive information that organizations in the industry hold.
With this in mind, healthcare practices need to understand that the costs of a breach significantly outweigh the costs of any safety protocols.
Protect yourself by investing in an EMR system that can handle your security needs, and use resources wisely to allow for any additional protection necessary.
Is data security expensive? It can be, depending on your situation.
But in this case, an ounce of prevention really is worth more than a pound of cure.
When looking into EMR technology, make sure that you’re using a trusted vendor that has security protocols in place should a breach occur.
If you need further training to understand what to do if you suspect patient information is being lost, read up on HIPAA’s Data Security Rules.
Make sure staff and any members of your organization understand these rules and consider putting security procedures in place for staff and employees, too.