The risk of patient data breaches is an ongoing concern for chief information officers (CIOs) at healthcare facilities, noted Sue Schade, CIO of Boston-based Brigham and Women’s Hospital.
Schade cited the example of her hospital, which experienced a data breach last year. In August the hospital revealed that a doctor lost a hard drive that may have contained medical records of 638 patients, including patient names, medical record numbers, date of admission, medications, and diagnosis and treatment.
The hard drive was lost when the doctor left it in a cab. In the ensuing internal investigation, the doctor said patient information had been downloaded to the drive but had been deleted, according to a report by the Boston Herald newspaper.
Chuck Podesta, CIO at Burlington, Vt.-based Fletcher Allen Health Care, said that his organization put in place a security information and event (SIEM) system that logs and monitors the activity on its networks. “We are acutely aware of the patient data risks”, he said. Podesta noted that protecting patient information takes a lot of resources and time. “When I’m asked what keeps me up at night, I say ‘breach notification’”, he added.
Catherine Bruno, CIO of Eastern Maine Healthcare Systems, said that her organization has significantly beefed up the security of its health information exchange. The organization recently added mental health patients to the exchange and created a separate process to protect the confidentiality of that information.
Bruno recently completed the integration of information systems at facilities within the Eastern Maine Healthcare Systems, which includes seven hospitals, as well as numerous physician groups and home healthcare organizations.
The panel members stressed that employee education is a key to improving patient data security. Podesta noted that the healthcare employees – doctors, nurses, CPAs, etc. – come from different backgrounds and knowledge. They all need to be educated about the need to protect patient privacy and data, he stressed.