Want Higher HCAHPS Scores? Improve Patient Communications.

March 13, 2015 by Vickie Anenberg

Hospital CIOs Need to Anticipate Hacking

Hackers are increasing their efforts to breech hospital IT systems to steal patient IDs and other personal information. The reason? Retailers and banks have bolstered their security technology, and healthcare providers are proving to be a source of valuable data that can be marketed at higher profit margins.

As a whole, the healthcare industry has lagged behind other vertical industries in its ability to thwart hackers and protect patient data. This is not necessarily a fault in the overall system, nor is it a lack of concern on the part of healthcare providers. Hospitals are faced with multiple challenges based upon such initiatives as Meaningful Use, ACO, HCAHPS, ICD-10, and more. The requirements these initiatives and statutes have severely impacted the ability for many facilities to remain financially viable.

Patient identity and data theft present a serious problem for hospital administrators and their patients alike because the data have become such a lucrative target for hackers. Scott Mace, writing for HealthLeaders Media, has posted a new article in which he has conducted research and interviewed experts related to data security. From this, he has distilled five steps all healthcare providers should consider.

1.     Update SSL Certificates. Every organization should visit the SSL Labs website to see if its SSL certificates are up to date, and that it is running the latest version of SSL/TLS to enable trusted, encrypted secure transactions over the Internet.

2.     Adopt the DMARC Standard. Domain Message Authentication Reporting (DMARC) standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.

3.     Reconsider the Penalties. Policy makers in Washington, starting with the Office of the National Coordinator, need to consider whether current statutes, which throw the penalty book at organizations for data breaches, are in fact exacerbating the problem and robbing these organizations of the very resources they need to boost their security efforts.

4.     Communicate Better and Sooner. As we are rethinking “the carrot-and-stick approach,” it is time for healthcare to have a real-time mechanism for disseminating threat data to healthcare organizations

5.     Address Encryption and Access Control. Healthcare needs to have a conversation about encryption and access control. It's cost-prohibitive to encrypt everything, which is why it isn't a ubiquitous practice. Anthem has taken some knocks for not encrypting its 80 million records, but typically, data centers have not encrypted at that scale.

The penalties for not addressing data security issues can be far more costly than dealing with them before the fact. Hospital CIOs need to take the lead in this ongoing battle, with the full support of administrators and boards of directors.

Optimizing hospital staffing spend and streamlining staffing processes is what Cross Country Staffing has been helping our clients to do for over 35 years. We understand complex staffing needs, and provide cost-effective workforce solutions to meet the staffing challenges of all healthcare facilities. Cross Country Staffing can help you to achieve your strategic goals for quality care, patient safety, and financial health.