Issue link: https://nebusinessmedia.uberflip.com/i/470023
www.wbjournal.com March 2, 2015 • Worcester Business Journal 17 >> H E A LT H C A R E A N A M E R I C A N B R A S S E R I E : C I T I F I E D D I N I N G + R E F I N E D CO M F O R T F O O D H O U S E MA D E / S E A S O N A L / S U S TA I N A B L E N O W O P E N Multiple Spaces for Private Functions/Corporate Events (Up to 300 guests) Private Parking Lot • Open for Lunch & Dinner 2 2 5 S H R E W S B U R Y S T. / W O R C E S T E R 5 0 8 - 7 5 5 - 8 3 3 1 / T H E U R B A N W O R C E S T E R . C O M Geoffrey K. Dancey, CFA has been named President and Managing Member of their investment management rm. is pleased to announce that Cutler Capital Management, LLC 306 Main Street Worcester MA 508-757-4455 www.CutlerCapital.com immediately accessed requires the use of security safeguards such as firewalls. The challenge in the medical field is providing secure access to vital informa- tion when minutes, even seconds, count. In the cases in which patient data must be accessed remotely or transmit- ted, hospital technology officials rely on encryption — which makes data unread- able without the proper code to unscramble the data — to create secure connections and allow the flow of data. Encryption is also a key component in safeguarding sensitive information on laptops and mobile storage devices such as thumb drives. While Nicole Heim, chief information officer at Milford Regional Medical Center, tries to mini- mize the use of laptops, the information they carry is encrypted. The hospital will soon install technology from EMC that will allow encryption for all data held in storage, not just in transit. But even the best defenses can be breached by the biggest vulnerability of any organization — the human factor. When a data breach affected the UMass Memorial Medical Group last year, it was not from an outside hack, but an employee who may have accessed billing information outside his or her job duties, according to UMass Memorial. This incident potentially affected 14,000 patients. UMass Memorial declined to comment on security for this report. Ongoing training, communication Hospitals use training and ongoing communication of security policies to curtail security issues. They will also limit access to what is needed by a particular employee and ensure, through system monitoring programs, that they're access- ing information appropriately. "As you expand the number of people who have access, you have a greater bur- den of work to keep that secure," said Chantal Worzala, director of policy for the American Hospital Association. She explained that patients' Web access to their own medical files also opens up the system to infiltration. But even as hospitals attempt to incor- porate security measures and dole out the appropriate levels of access to employees, they must ensure that it doesn't interfere with patient care. At Milford Regional, new security mea- sures go before its Physicians Advisory Committee before they're adopted. "Any time you put security solutions in place, it is going to add a level of com- plexity," Heim said. "So you have to weigh that. We need to protect the infor- mation, but we need to allow effective access to that so the doctors and nurses can have access to the information and care for the patients." This constant shifting and maneuver- ing of hospital defenses helps respond to ever shifting security challenges. The hospitals must not just safeguard patient information, but also financial informa- tion of patients and insurance subscrib- ers, especially since credit cards and Social Security numbers are used. Use of hospital equipment with inter- connected and wireless capabilities has also been cited as possible points of entry for malware and hackers. In fact, any connection from which a hospital's information system links to the outside world is a concern, said Worzola, even an infusion pump that transmits infor- mation wirelessly to electronic medical records as it injects patients with drugs. The U.S. Food and Drug Administration and American Hospital Association have said medical device manufacturers must also take potential security con- cerns into account. Security will only grow as a concern and require more investment by hospi- tals and other health care providers. While large hospitals and hospital groups have at least one person dedicat- ed to overseeing security, even small facilities must do the same. The ever- changing ways to gain access to sensitive information require vigilance from pro- viders, said Heim, of Milford Regional. "You can mitigate all the risks you have today and then tomorrow have new risks," she said. "You have to be aware of what is in the market and what is hap- pening in the industry." n Data security >> Continued from Page 12 0 50 100 150 200 250 0 2 4 6 8 10 12 Total number of data breaches involving at least 500 patient records Total number of patient records impacted (In millions) 2010 2011 2012 2013 2010 2011 2012 2013 212 149 192 199 5.4M 10.8M 3M 7.1M Data breaches in health care After falling in 2011, the number of reported data breaches in the U.S. jumped by about one-third in 2013. Source: Redfin "Breach Report 2013: Protected Health Information" (includes information reported to the federal government)