Modern technology is revolutionizing the way healthcare providers connect with and care for their patients. The value that connected systems provide in facilitating top-notch care and providing crucial information across miles or mountains is undeniable. Cloud services, whether public, private or hybrid, are increasingly utilized to meet the demands of modern healthcare and streamline workflows across organizations. However, an influx of IoT devices and connected systems brings new security considerations within a HIPAA-compliant environment.
Healthcare organizations are among the most critical entities, and with that come high stakes and high risks for cyber threats. An independent report by Harvard University [1] discussed the primary risks facing healthcare, clearly indicating the importance of a secure IT infrastructure:
- Patients can be directly harmed by cyber attackers. Perpetrators with internal access can turn off critical active media devices or indirectly disrupt crucial care by altering records and compromising inventory systems.
- Health records contain personally identifiable information such as financial and medical data that can be used to steal identities or cause mental strife if publicly released.
- Medical care available to a community can be limited following a cyber-attack. This was especially evident in the Hollywood Hospital ransomware incident, which forced the facility to temporarily turn patients away.
- Intellectual property or research lab findings can be stolen in a breach, resulting in loss of significant academic progress, years of effort, and financial investment.
- Reputational damage to the facility and reduction of credibility is also an unfortunate consequence of cyber incidents due to loss of perceived trust.
These risks often stem from vulnerable, legacy IT systems or a failure to integrate best practices with new high-tech solutions. Security is not just vital for computer operating systems; IoT devices on closed systems can be vulnerable to unapproved access and provide a route to other internal ports or networks.
However, a combination of best practices and security-focused products can help organizations stay ahead of the rapidly evolving threat landscape. For instance, at companies like Brother International Corporation, connected hardware and security go hand in hand and are at the forefront of both the products we create and the services we provide. Below are best practices and options for healthcare organizations looking to reduce digital risk:
Stay connected and HIPAA compliant with approved document sharing systems to avoid confusion: HIPAA is crucial but often complicated. A security-minded integrated system adds protections while facilitating easy uploads or transfers across all connection points without sacrificing compliance.
Organizations should look for integrated solutions that function across IoT applications and services to digitize paper records, faxes and Electronic Medical Records within HIPAA compliance. For instance, BSI (Brother Solutions Interface Developer Program) gives web application servers the ability to control a machine's internal features remotely and communicate via the machines' panel, seamlessly integrating printer functions, as well as user interface features, into existing document management workflows, imaging workflows, and managed print services.
Although some IT professionals in the healthcare space shy away from public cloud sites due to security concerns, patient-provider communication and workflow can be streamlined via Brother Web Connect. This feature allows users to easily and securely scan and upload documents to popular online storage sites (like Box, Dropbox, Evernote, Google Drive™) with an internet connection and an account, or print documents directly from these cloud services. Healthcare providers should also consider e-mail encryption services when there is a need for provider-to-provider or patient-provider communication.
Keep information secure throughout its digital journey: A “clean-desk” practice ensures confidential data cannot be viewed by unauthorized people. This approach also requires security procedures to prevent employees from leaving sensitive, original documents on devices. Carefully controlling employee system privileges and abilities to print sensitive records can be instrumental in reducing risk. Look for products with enhanced security features to set administrator-level controls and user-based permissions to control and restrict access to sensitive information. Administrators can also purchase third-party software that can regulate print usage and document access on a per user or group basis, helping them remain in compliance with industry regulations.
Do not take a one-size-fits-all approach: Certified healthcare office solutions are designed and tested to meet the rigorous privacy and printing demands of the healthcare industry. For instance, Cerner, a leading supplier of health information technology solutions, issued accreditation to many of the Brother Workhorse Series of business mono and color laser printers and all-in-ones. A wide range of Brother products are also in use with other EMR/EHR hospital systems such as Meditech and EPIC.
Connect to pre-empt, protect, and print with Brother
Cyber threats and privacy concerns are manageable with the appropriate tailored solutions. A secure IT ecosystem, grounded in security protocols and vigilant digital hygiene, can reduce opportunity for risk. Brother helps ensure systems are HIPAA compliant and integrates security solutions within their connected offerings, so the focus can be on using the data to provide care - not worrying about its safety.
[1] Le Bris, A. & El Asri, W. (2017). State of cybersecurity & cyber threats in healthcare organizations. Journal of Strategic Threat Intelligence. Retrieved from http://blogs.harvard.edu/cybersecurity/files/2017/01/risks-and-threats-healthcare-strategic-report.pdf