Segment:
- Health Care 3
People that Fit the Segment:
1) Nita Dave - Anesthesiologist
2) Nidhi Kavi - Resident @ Mt. Sinai
3) Rohan Dave - Health Care Administrator @ Montefiore
Need Awareness:
1) There is a very real need to protect patient records. As an anesthesiologist, during
the pre-op procedure, I take down all the health history and information about
a patient. This data goes into a patient file stored on our network. While we
have a protective firewall to protect these records, we don’t have a systemic
checkpoint system. For instance, all someone has to do in order to access a
patient file is log onto the system, type the patient’s last name and date of
birth. Following this, the patient’s entire health history will be presented.
If hackers or other parties are able to access our system, it would mean the
loss of private data for hundreds of patients. This data could be used
maliciously and even result in financial/social distress.
2) Right now as an attending, I practice something called SOAP notes in which we take a
full physical examination of the patients and write down their health history.
In the past, I’m aware that these notes were hand-written, but now they are
also stored in our online system. This means that a patient’s health records, insurance
and address/phone number/email are all kept in one place. Not only do we record
information about the patient, but we also keep information about the patient’s
emergency contacts in case something were to go wrong. This means that if there
was a data breach, many people besides the patient would also be implicated. A
system in which there is a thorough firewall/checkpoint system is definitely
needed in the health care field because we deal with such sensitive information.
3) Cyber-security is threatened daily at Montefiore. Thankfully we have people working to
alleviate problems if there is a hack and prevent future intrusion.
Surprisingly, we aren’t only worried about hackers from private companies
looking to steal patient information, but also from employers. Many times,
employers will hire individuals to access health records of an individual
before making a hire. These people want to make sure that whoever they hire can
be a reliable member of their team for years to come. This health discrimination
is subject to increase if there is not a system in place to ensure the security
of patient records.
Information Search:
1) If there is a breach of patient data or if I get a request from an unauthorized
individual to access a patient’s file, I immediately notify my director. There
is no need for someone other than the patient and the doctors working on the
case to access the individual’s health history and private information. Even
when a relative or family member asks about a particular case, a withdrawal
form must be signed by the patient before any information is disclosed. If,
however, our system or anti-virus protection is down, we usually call our IT
department to handle the situation. At our center, we don’t have people
specifically trained to combat threats to cyber-security.
2) When we become notified that someone is trying to steal a patient’s history or
private information, we immediately notify our director so that he can call
people to deal with the threat. In addition, a mass email is usually sent to warn
everyone against clicking on a sketchy email or interacting with a particular
individual. If the problem becomes even more serious, the police may be
involved as well as detectives to figure out who the perpetrator is. Since I am
an attending, I try to instruct my students to not go on any social media or suspicious
sites while at work. However, since I am not trained in cyber security I have
no way of combating any hack besides relying on our system’s antivirus/firewall
protection.
3) If there is a hack of personal information to our system, we immediately notify
all personnel and pass along information about the breach so that everyone is
alert and becomes even more cautious. Passing on knowledge allows everyone to
have a heightened sense of alertness so they don’t magnify the problem with any
carelessness. To combat the issue we usually contact our IT department and
other experts in cyber-security. We aim to obtain our data back and make sure whoever
got a hold of the information didn’t pass on the data to a third party. Despite
this, we have limited resources at our hospitals themselves. The only thing we
can really do is to contact individuals who know how to combat the issue.
Findings:
- From my interviews I learned that hospitals and health care systems don’t
really have any form of protection
against cyber threats besides notifying and contacting their IT/cyber-security
staff. Whether it be a doctor, attending resident or health care administrator,
none have been trained in cyber-security should a breach occur. They have, however,
knowledge on who to contact and proper protocol on how to act should a hack
occur. They also know that the best way to keep patient records secure is to
only give it out if the patient has signed a release form for their data to be
accessed by that particular individual. I also learned that health histories,
addresses/phone number and emergency contact information are often kept on the
same system. All hackers need to do in order to obtain this information is to
access the hospital/health care database, and know a few vital details about
the patient such as their birthday.
Conclusion:
- From my findings, I think it is absolutely
imperative that health care companies and hospitals implement more regulation
on how to access patient records. There should be more checkpoints put in place
before someone can access a patient file. While this may seem more tedious and
annoying to the doctors and staff, it will mean that patient records have a
higher chance of being kept secure. If there are more checkpoints, along with a
better anti-virus/firewall system, hackers would need much more training to
overcome the system and information about an individual before they are able to
steal their information.