… patients and as IT professionals about such threats?
Very concerned: as patients, compromised IT data could result in identity theft (because of the Social Security numbers and other identifying data found in medical records) and even difficulty in gaining employment or health insurance if the information was improperly released to interested third parties. The risk is great -- for example, recently, 34,000 patients had their medical data compromised when a contractor working at a hospital downloaded the patients' files onto his personal laptop "which was stolen from the contractor's car. The data on the laptop was password-protected but unencrypted, which means anyone who guessed the password could have accessed the patient files without a randomly generated key. According to a hospital press release, those files included names, addresses, and Social Security numbers -- and, in a few cases, diagnosis-related information" (Schultz 2012). IT professionals must be concerned about the considerable challenges they face in making data searchable, useful to healthcare providers, and accurate -- while also ensuring that enough protections exist so the data does not fall into the wrong hands.
Q2. How can we avert such threats?
While no system is 100% secure, IT professionals can substantially enhance security by requiring staff to use passwords, keys or badges to unlock computer terminals, which prevents persons from simply 'wandering' through an office and being able to access data on an unattended computer. Users should be required to know their passwords, rather than allowed to store them in their work computers. Access to data should be as limited as possible on a 'need to know' basis. Users should be required to change their passwords regularly. Patient data should be encrypted and there should be 'audit logs' tracking transactions to monitor for suspicious activity when users access critical data files (Lecture notes, 2013). Examples of 'red flag' usage include logging in during odd hours (over the weekend and in the middle of the night) or unusual activity not typical of specific users. Cloud computing can also lessen the risks by making it more difficult to actively 'transport' data away from secure premises. "According to an HHS database, more than 40% of medical data breaches in the past two and a half years involved portable media devices such as laptops or hard drives" (Schultz 2012).
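The 'red flag' review of audit logs described above can be sketched as follows. This is an added example, not part of the original paper; the log format, user names, working hours and volume threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample audit log: timestamp, user, patient records opened in the session.
SAMPLE_LOG = """\
2013-03-04T09:15:00 nurse_a 12
2013-03-05T10:02:00 nurse_a 9
2013-03-06T14:30:00 nurse_a 11
2013-03-07T11:45:00 nurse_a 10
2013-03-09T02:40:00 nurse_a 8
2013-03-04T08:50:00 clerk_b 20
2013-03-05T09:10:00 clerk_b 22
2013-03-06T13:05:00 clerk_b 19
2013-03-07T16:20:00 clerk_b 340
"""

WORK_START, WORK_END = 7, 19  # assumed working hours: 07:00 to 18:59
VOLUME_FACTOR = 5             # assumed: flag sessions above 5x the user's own median

def parse(log):
    """Yield (timestamp, user, record_count) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, user, count = line.split()
            yield datetime.fromisoformat(ts), user, int(count)

def red_flags(log):
    """Return (timestamp, user, reasons) for sessions matching a red-flag rule."""
    events = list(parse(log))
    per_user = defaultdict(list)
    for _, user, count in events:
        per_user[user].append(count)  # per-user baseline of session sizes
    flags = []
    for ts, user, count in events:
        reasons = []
        if ts.weekday() >= 5:                      # Saturday or Sunday
            reasons.append("weekend")
        if not WORK_START <= ts.hour < WORK_END:   # middle of the night
            reasons.append("off-hours")
        # The median stays stable even when the outlier is in the baseline.
        if count > VOLUME_FACTOR * median(per_user[user]):
            reasons.append("unusual-volume")       # not typical of this user
        if reasons:
            flags.append((ts.isoformat(), user, reasons))
    return flags

if __name__ == "__main__":
    for flag in red_flags(SAMPLE_LOG):
        print(flag)
```

Flagged sessions are leads for a human reviewer rather than proof of misuse; on-call staff legitimately log in at night, so the thresholds need tuning per role.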
Q3. How can we minimize injury and harm after such incidents occur?
First and foremost, it is important to inform the affected patients of the nature and extent of the security breach. Patients can take action by putting a credit freeze on their accounts, if they are at risk for identity theft. Offering patients free credit protection might be one way to reduce anger and concern. Passwords must be changed to ensure that repeated breaches do not take place, and the system must be thoroughly audited for vulnerabilities. It must be determined if the breach was a one-time event or is part of a potentially recurring pattern.