How Healthcare Businesses Can Avoid a Data Breach

Published on May 1, 2018

In an era where vast amounts of data are floating around and being accessed from a large network of devices, cloud file sharing security must be a top priority for any enterprise that collects personal or sensitive information. The threat of a data breach is an especially serious reality for those in industries where sensitive, confidential information is being collected from clients or patients. Healthcare professionals, in particular, should be keenly aware of the consequences that can occur when the security of patient records is left unchecked.

In 2016, a private medical transcription company working with New Jersey-based healthcare system Virtua inadvertently exposed 1,650 patient records online as the result of an error when its chosen FTP site underwent software updates. During these updates, important cloud file sharing security restrictions were accidentally removed, which allowed anyone to access transcribed patient records without a password, validation key or any other form of safeguarding.

Because the FTP site was unsecured, anyone with an Internet connection could type patient names, doctor names or certain medical terms into Google, and the search engine would pull confidential documents that contained this information and expose them to any individual. Confidential records stored in the FTP site were now vulnerable and could be accessed by any member of the public.

After this data breach came to light, the New Jersey Division of Consumer Affairs conducted an investigation into the physician group that allowed the private transcription company to store such sensitive patient information. The Division found that significant HIPAA-compliant storage requirements were not met, and although the breach was not directly the fault of the physician group, it faced the repercussions for the following reasons.

The healthcare organization did not have a security awareness training program in place for all of its management and personnel. The physician group did not keep any record of the number of times the FTP storage site containing patient records was accessed, nor did it create or maintain accessible copies of the electronic protected health information stored in the FTP site. Furthermore, Virtua’s response to the incident was deemed too slow, and the organization’s lack of urgency resulted in delayed mitigation of the data breach.
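As an added example (not from this post or from BrickFTP), this is the kind of access record the Division found missing: a Python script that parses vsftpd-style FTP transfer-log lines into per-user access counts and flags anonymous sessions and bulk downloads. The log format is assumed and the sample lines are constructed.

```python
import re
from collections import Counter

# vsftpd-style transfer log line (assumed format). Anonymous sessions are logged
# under the user "ftp"; downloads quote the path after the client address.
LOG_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \[pid \d+\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<action>[A-Z]+): Client "(?P<ip>[^"]+)"(?P<rest>.*)$'
)
ANON_USERS = {"ftp", "anonymous"}

# Constructed sample log: one authenticated user, one anonymous crawler, one failed login.
SAMPLE_LOG = """\
Mon Jan  8 10:00:01 2018 [pid 2] [alice] OK LOGIN: Client "203.0.113.5"
Mon Jan  8 10:00:05 2018 [pid 3] [alice] OK DOWNLOAD: Client "203.0.113.5", "/transcripts/pt-0001.txt", 2048 bytes, 120.00Kbyte/sec
Mon Jan  8 10:02:00 2018 [pid 4] [ftp] OK LOGIN: Client "198.51.100.9", anon password "crawler@example.com"
Mon Jan  8 10:02:03 2018 [pid 5] [ftp] OK DOWNLOAD: Client "198.51.100.9", "/transcripts/pt-0002.txt", 4096 bytes, 80.00Kbyte/sec
Mon Jan  8 10:02:04 2018 [pid 5] [ftp] OK DOWNLOAD: Client "198.51.100.9", "/transcripts/pt-0003.txt", 4096 bytes, 80.00Kbyte/sec
Mon Jan  8 10:05:00 2018 [pid 6] [bob] FAIL LOGIN: Client "192.0.2.7"
""".splitlines()

def parse_line(line):
    """Return one log line as a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    path = re.search(r'"([^"]+)"', rec["rest"])  # only transfer lines quote a path
    rec["path"] = path.group(1) if path and rec["action"] in ("DOWNLOAD", "UPLOAD") else None
    return rec

def review_access(lines, download_threshold=20):
    """Build per-user access counts and list anonymous access and bulk-download findings."""
    per_user, per_client, findings = Counter(), Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "OK":
            continue  # unparsable or failed attempts are not counted as access
        per_user[rec["user"]] += 1
        if rec["action"] == "DOWNLOAD":
            per_client[rec["ip"]] += 1
        if rec["user"] in ANON_USERS:  # credential-less access to the site
            detail = f" {rec['path']}" if rec["path"] else ""
            findings.append(f"anonymous {rec['action']} from {rec['ip']}{detail}")
    for ip, n in per_client.items():
        if n >= download_threshold:
            findings.append(f"bulk download: {n} files by {ip}")
    return {"accesses_per_user": dict(per_user), "findings": findings}

if __name__ == "__main__":
    for f in review_access(SAMPLE_LOG, download_threshold=2)["findings"]:
        print(f)
```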

Healthcare businesses need to take measures to avoid a data breach before sensitive patient information is leaked or made public. Just as a patient proactively purchases health insurance before they have suffered an injury or illness to ease the burden of future financial costs, healthcare systems need to take measures to tighten up their privacy and security practices in advance of an issue. Research shows one of the leading sources of a data breach is internal personnel, hired contractors or other associates working directly for the attacked business. Any vendor or partner who has access to a medical group’s patient files needs to be fully vetted on cybersecurity and trained on the organization’s privacy policy, and using one central FTP storage site must be enforced.

The file-sharing software chosen by healthcare businesses must also be a HIPAA-compliant storage solution. If the medical group chooses to outsource any transcription work, or any activities directly related to stored patient records, all entities must be uploading and accessing files via a unified, approved FTP site. These entities must also understand the importance of HIPAA compliance and the need to report a data breach immediately so proper action can be taken swiftly, before private medical records are exposed and available to access through something as simple as a Google search.

BrickFTP is the preferred storage software for healthcare businesses that take cloud file sharing security seriously. The platform allows sharing and archiving of medical transcripts, imaging, patient billing information and other sensitive information while enforcing security measures and ensuring all parties with access to the FTP site are fully compliant with HIPAA regulations.

The importance of ensuring everyone involved in handling, altering, storing and sharing patient data is using the one secure platform cannot be stressed enough. Failing to get ahead of a data breach in this way is not only costly, it can also lead to significant HIPAA violations pertaining to protected patient health information.

BrickFTP’s group management features align all associates who are granted access to patient data, ensuring everyone is using the same approved portal. Comprehensive encryption and additional security measures are in place to ensure each healthcare business’s platforms are protected and data cannot be accessed by unauthorized individuals — or end up in a Google cache.

See why some of the largest healthcare providers trust BrickFTP.