How Fairview Health Services Is Protecting Your Information

Guest post by Alistair Jacques, Chief Information Officer

The good news: gone are the days when your medical records were documented on paper and stored in a file cabinet.

The bad news: gone are the days when your medical records were documented on paper and stored in a file cabinet.

While the transition to electronic health records offers many great benefits for patients and care providers alike, it’s a contributing factor in the rise of health care data breaches.

The Office of Civil Rights, which is part of the U.S. Department of Health and Human Services, reported 253 data breaches involving health care organizations in 2015 that each affected at least 500 people and together involved about 112 million records.

But why?

Go back just a few years and you’ll find other industries, finance especially, were the target of breaches. Cyber criminals were after them because they were able to obtain great volumes of information in one attack—names, credit card information, addresses and birth dates—that they’d use or sell for identity and credit card fraud purposes.

The finance industry has since invested huge sums of money to tighten security controls. They’ve successfully made it more difficult to be victims of cyber attacks, which caused criminals to look elsewhere, including health care.

Traditionally, health care organizations spend more on their clinical needs (medical equipment), and not as much on computer technology, leaving them more vulnerable to cyber attacks. And the data stored in electronic health records is rich and valuable.

For each patient, his or her name, date of birth, Social Security number, insurance/Medicare/Medicaid information, and health and medication history are all documented—everything a criminal needs to commit medical identity theft (i.e., medical fraud).

Back to the good news!

Fairview Health Services is committed to information security because we believe protecting your information is non-negotiable; it’s one of the many “givens” you can expect from us. We do so in the following ways:

  • We have a designated Information Security team led by a chief information security official and a formal security program with an allocated budget to continually advance our security processes, practices and technology.
  • We follow nationally recognized information security frameworks and regulations, including compliance with the Health Insurance Portability and Accountability Act (HIPAA). These practices include:
    • The use of a number of safeguards (software programs, encryption, firewalls, etc.)
    • Limiting access to the electronic health record; only providers and staff caring for a specific patient are allowed to access the patient’s information. EHR activity is closely monitored to prevent unauthorized access and use.
    • Requiring all providers and staff to complete annual security and privacy training in addition to regularly reinforcing our policies

Check back next week for practices you can follow to avoid becoming a victim of identity fraud.
