James Thew - Fotolia
Hackers and cybercriminals continue to target the healthcare industry, leaving data at risk of exposure and being held for ransom. Cybersecurity remains a top priority for healthcare organizations, but figuring out how to manage and protect health information can be challenging.
Fortunately, health information management professionals are on the frontlines when it comes to protecting their organizations from attacks and securing patient data.
"Health information management professionals play a huge role in safekeeping PHI," said Shital Mars, CEO of Progressive Care, a health services company in North Miami Beach, Fla. "These individuals are tasked with knowing the vulnerabilities of their digital networks and assessing available solutions to secure their systems."
One of the main challenges organizations face is staying up to date with new cyberthreats and making sure that best practices for thwarting malicious intrusion and malware are followed, Mars said.
"For healthcare companies, the consequences of failing to protect systems are especially serious given the nature of the information and the regulations involved," Mars said.
One major consequence of failing to properly secure health systems and violating HIPAA is a hefty penalty. The Department of Health and Human Services recently upheld a finding from the Office for Civil Rights that required MD Anderson Cancer Center to pay $4.3 million in civil penalties for HIPAA violations.
By working together with the IT department, health information management professionals can help protect their organizations from attacks and secure patient data -- hereby avoiding those large fines -- said David Reitzel, principal and U.S. health IT leader at consulting firm Grant Thornton.
The IT department must make sure tools and software are properly configured to protect data and are scalable, Reitzel said. Then it falls on the health information management professionals to make sure that any hospital and patient data that is being shared is accurate.
"Both groups need to work collaboratively to ensure all the necessary policies, procedures and internal processes are reviewed and actively managed on a regular basis," Reitzel said.
Mars added that health information management professionals also need to be aware of new cyberthreats and should undergo regular training to stay in the know.
"Do continuing education on IT management throughout the course of the year to keep abreast of changing technologies and best practices," Mars said. "Read IT journals and news to make sure that all new threats are evaluated, the risks assessed, and solutions implemented."
Skills for health information management professionals
According to health IT consultant Reitzel, typical skills required in a digital health ecosystem include:
- data analytics and analysis capabilities;
- expertise in patient privacy and security rights; and
- understanding the scope of an organization's chief information security officer and chief information privacy officer.
"As health information technology continues to evolve, fluency in where patient data is shared outside of the organization, understanding of annual testing procedures, and the ability to manage and maintain databases and generate and analyze reports are critical," he said.
Health information management professionals also need to understand their organization's IT infrastructure so they know what systems need to be protected.
Shital MarsCEO, Progressive Care
"It's important for anyone tasked with cybersecurity to understand the networks they work on and how those networks integrate, interface and communicate with both internal and external data sources like software providers, website hosts [and] email servers," Mars said. "By understanding the intricacies of your own network, you are best able to protect it."
Finally, Mars said, it is important to use best practices for keeping data secure, such as end-to-end encryption and multiple layers of password protection.
"Keep in mind there is no 'set it and forget it' when it comes to cybersecurity," Mars said. "As the healthcare industry adapts to better protect itself, [criminals] adapt as well, creating ever more sophisticated methods of obtaining data. So, for a health information management professional the job is never done."