With the requirements of Meaningful Use Stage 2, facilities must start using patient portals. Patient portals can be instrumental in ensuring accurate, quality patient care by allowing patients instant access to their medical records, but they are not without security risk. As with any system there are the possibility of security breaches, HIPAA violations and fraud. Working with a trusted IT team can help to mitigate that risk.
What security risks do patient portals bring?
1. Login Security.
Balancing high-security requirements for sensitive documents with the need for ease of patient access is challenging. Portals allow patients to check test results, make appointments or make payments, all of which requires a high level of security for patient peace of mind and to prevent HIPAA violations. Patients want their data to be secure, but are frustrated when it’s difficult to access it.
2. Unauthorized Access.
Improper actions by employees can be the cause of attacks from within the system. Recently, records in healthcare facilities in Minnesota and Missouri were breached by healthcare workers who viewed files that they had no reason to access. This breach exposed patient information such as dates of birth and social security numbers, which are highly desirable targets for identity thieves.
3. Shortage of Technical Staff.
With increased patient access to data comes even more data to manage. HIPAA’s Right of Amendment gives patients the right to access and correct their medical information. This creates an exchange of data between the patient and healthcare facilities which adds to the workload of existing IT staff who must manage this information securely.
How can these risks be mitigated?
It’s vital to think like a hacker to ensure the highest level of security. While hacking is thought to be a high tech caper, sometimes a hack can be surprisingly simple. In a recent case, a check of one patient portal system revealed that once access is gained legitimately to one patient record, it was easy to jump from one record to another, simply by changing the patient name in the URL.
Some risk can be lessened simply by adding to your IT staff. Tech experts can help you to develop secure login protocols, prevent security breaches and ensure HIPAA compliance. But, security specialists are in high demand and it’s important not to settle for less than the most qualified technical specialists.
While it can be difficult to recruit and onboard qualified staff to address this increased need quickly enough to maintain security, you can always ask for help from your staffing partner.
As the leading healthcare IT consulting agency, Morgan Hunter can provide highly qualified contract or permanent IT specialists to ensure patient portal security and address any other security or technical needs you have. Contact us to learn more!