The Effects of Patient Access to Data Cybersecurity
Over the past few years, there has been a shift in national healthcare systems to provide patients with greater access to their own medical records. Legal and technological trends have also granted patients more convenient access to medical records via the internet.
As of 2017:
United States: The Health Insurance Privacy and Portability Act (HIPPA) stipulates that patients must be permitted to review and amend their medical records. (1)
United Kingdom: British GPs offer patients online access to summary information of their records. (2)
France: The ‘dossier médical personnalisé’ (electronic health record) belongs to the patient and they control the healthcare provider’s access. (3)
Benefits – From Patient to Healthcare Providers
There are clear benefits to opening up medical records to patients.
- Online access helps to improve convenient access to care services.
- Better information can empower patients, leading to increased health literacy.
- Allows patients to make better informed decisions about their healthcare.
There are improvements for the healthcare providers too:
- Offering online services can streamline and reduce administrative workload.
- More efficient office practices.
- Use of online appointment booking can decrease office wait times.
Drawbacks – Cybersecurity Headaches
The healthcare sector has been one of the most affected by cyber attacks in the past few years. The number of American healthcare data breaches almost doubled in 2016, averaging more than one data breach per day in 2016 for a total of 450, up from the 253 breaches that took place in 2015. (4)
Loss of Control
While some hospitals and medical practices are getting better at securely sharing electronic data with each other, providing their patients with secure access is often another issue.
For instance, healthcare organizations must provide patients, or a chosen third-party, access to their health records in the format the patient requests. This is the case even if that request instructs the healthcare entity to electronically transmit health records via unencrypted email. (5)
There has even been a push in some countries to provide health records via mobile phones. In 2015, the UK Health Secretary sought to enable patients to access and modify their GP records via smartphone. However this was placed on hold after some misgivings about safety and confidentiality. Phil Booth, coordinator of the campaign group MedConfidential, stated: “…it could expose the vulnerable to stalking, abuse and coercion, not to mention predatory companies who can’t wait to get their hands on such valuable data.” (6)
Protecting Sensitive Data in Patients’ Hands
Patients need to be aware of the risks involved in accessing their patient records online. “Your provider is no longer responsible for the security of your health information after it is sent to a third party,” the U.S. Department of Health and Human Services warns that “once you have a copy of your health information, it’s important to keep it protected…including using passwords on mobile devices and computers.” (5)
In order to limit potential data security issues, there are several practices which should be considered:
- How patients will be verified and patient activity recorded while accessing their records online.
- The need to educate patients about keeping their login credentials and personal information secure and the implications if they share these details with others.
- How practices will identify third party information which will need to be withheld. (7)
- Working with the electronic health record vendor to ensure the system can give each personal representative a unique, secure login to access the patient’s portal.
- Obtaining patient’s preferences for giving caregivers access to their health information. In most countries healthcare providers are allowed to to share health information with those involved in the patient’s care unless the patient objects.
Cybersecurity Software – Healthcare Sectors
There is little that can be done to secure data once the patient has it in their hands, but it is important to take as many steps as feasibly possible to prevent security breaches before it leaves the organization. One essential step is recording user sessions so you are aware what employees are doing on your systems. Often this is a mandatory step within healthcare systems for auditing purposes.
Would you like to learn more?
Visit our website to discover the most robust Patient Session Recording software available.