Improving Michigan Healthcare IT Security
In the quest to further secure patient health data with strong access controls, Michigan healthcare providers can now use biometrics to verify patient identity prior to allowing access to their medical record. PatientSecure works by scanning a patient’s palm vein pattern and linking them to their unique medical record.The Michigan Health Information Network Shared Services (MiHIN) announced a partnership with the patient identity management company and developer of PatientSecure, HT Systems, to provide the security system to statewide healthcare providers.
This system is interesting because it provides a way for patients to securely access their medical record as they move between healthcare systems and doesn’t require a badge or access code that could be potentially stolen and used for identity theft.
Technology is emerging (or at least being implemented more readily) as a response to the data breaches that have recently plagued the healthcare industry in droves – the HHS Wall of Shame reports over 21 million individuals have been affected by an unsecured data breach dating back to 2009. In 2012, 119 breaches, each affecting over 500 individuals and involving unsecured data have been reported, totaling to over 2 million affected individuals.
Michigan healthcare organizations account for 118,000 of the total affected individuals nationwide. Ranging from the largest healthcare systems to individual physician practices, the majority of the Michigan data breaches were due to the theft or loss of portable media devices, specifically, laptops that contained unencrypted patient data. These are a few of the documented Michigan breaches:
- Dating back to 2009, the Detroit Department of Health and Wellness Promotion reported a desktop and four laptop computers stolen from their locked facility. The computers had patient data stored locally. In remediation, they switched to storing their billing information in a secure patient management system and beefed up their physical security controls; installing security cameras with alarms and new office door locks with assigned keys.
- A small physician practice also suffered a data breach when a laptop containing patient data was stolen from the physican’s personal residence. In remediation, the physician installed encryption software for its billing software.
Implementing and maintaining IT security can be a costly endeavor, and not every business can do it in-house. Outsourcing allows organizations to take advantage of Michigan managed hosting providers’ investments in physical, technical and administrative security. It also ensures that patient data is never stored locally on an individual device, but instead stored on a secure server in a secure, HIPAA compliant data center.