Health information management and IT: Crusaders who protect what matters

Protecting information is a hot topic. I just read an alarming article that it cost a New York hospital nearly $15 million to recover from a massive cyber attack. For six weeks, the hospital worked with pen and paper until its systems were back online – returning to manual processes that hadn’t been in place for 20 years.

I also recently heard about a member of a health system’s Board of Directors who was caught in a phishing scam. Neither that New York hospital, nor that board member, were casual about security. As they say – it can happen to anyone.

In order to respond to how data is collected, utilized, stored and protected, the healthcare industry is constantly evolving. Because this information is extremely valuable.

In fact, “A stolen medical record is worth 10 times more than a stolen credit card,” according to Russell Branzell’s article, Maximizing BOTH IT and Cybersecurity: Is it Possible?

Considering how much information a medical record contains, I think they’re worth more than that. After all, it’s easy to shut down a compromised credit card number. But, a medical chart? That’s another story.

Medical record security

Hospitals must embrace evolving technology while protecting themselves and the information they house. One approach is to encourage their Health Information Management (HIM) and IT departments to work together in a more collaborative fashion. Both departments have complimentary goals and objectives, including establishing policies, determining accountability for managing information and protecting information with appropriate controls.

These departments value information, data and technology as strategic assets to the organization, so you need to give them resources to keep it all secure.

Responsible for maintaining the integrity of the chart, HIM staff must know where the data and information are stored. Granted, this becomes increasingly difficult as data and information take on different forms – including photos, videos, X-Rays, MRIs, etc. – but, whether stored in a single enterprise platform or in multiple data silos, the HIM department knows where to look for information. Often, HIM staff know about departmental software solutions and hardware that IT does not.

HIM and IT: Better together

By working together, HIM and IT can perform a complete inventory and create a roadmap to move the support and maintenance of all systems to IT. The HIM department can also help IT evaluate software currently in use to determine if it’s possible to consolidate systems to eliminate data silos and reduce IT sprawl.

Once the inventory and system consolidations are complete, HIM and IT can work together to review privacy and security policies. While privacy policies detail who is authorized to see patient information and under what conditions, security provides the controls to enforce those privacy policies.

Monitoring audit logs definitely helps HIM and IT determine if a security breach has occurred. But rather than waiting for a breach to occur, HIM and IT should be proactive about preventing one. You can accomplish this by proactively upgrading and patching hardware and software to reduce the security risks to the organization – and by being vigilant. The bad guys keep getting smarter and it’s going to take all of us to defeat them.

If you would like more information on this topic, please register for our webinar: The Role of Health Records in IT Governance. We will make a recording available so you can watch when your schedule allows.

Avatar

Jeannie Kearns

Jeannie Kearns is currently the Vice President of Document Imaging for First Bank (First Bancorp) and Hyland’s Financial Services VOGUE Director of Communications. Although she graduated from NC State University with a degree in Agricultural Business Management, she has been in the banking industry for 16+ years in roles varying from teller, online banking support, customer service manager to document imaging. Her current role as Document Imaging Coordinator allows her to spend 100 percent of her day focused on the development, planning and support of the OnBase system within First Bank. Jeannie was responsible for the implementation of OnBase for First Bank and has worked with the system since 2012. First Bank is proud to say that OnBase is an enterprise-wide supported application with workflows for almost every area of the bank. Jeannie is an OnBase Certified System Administrator (OCSA), OnBase Certified Workflow Administrator (OCWA) and OnBase Certified WorkView Administrator (OCWV).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may also like...