As many of you know, an Electronic Health Record (EHR) is a digital record of a patient’s paper charts, updated in real time. This is an incredible option to have in the world of medicine, where information can be exchanged between doctors as well as business associates. It also provides an incredible benefit to the patient, giving them the best and most appropriate care when needed.
Overall, it really is a great thing to have so much information at your fingertips. Unless that information gets into the wrong hands. Which is exactly what happened to Allscripts Healthcare, an EHR company used by a variety of businesses in the medical field, including hospitals, pharmacies and emergency service (ambulance) centers around the world.
Today Allscripts is working with the Department of Justice to pay $145 million in a preliminary settlement in response to an attack that exposed patient records which were thought to be safe in the cloud. They were in violation of HIPAA, the HITECH Act’s EHR incentive program, and the Anti-Kickback Statute related to Practice Fusion – which was the company acquired by Allscripts in 2018. This settlement will resolve all criminal and civil liability for both companies related to the investigation surrounding them both.
Unfortunately, they aren’t alone. The human component is the big risk factor in any organization, and healthcare employs many, many people with patient access. Each record is a gold mine for hackers, and therefore even one mistake can prove costly to an organization, as we’re seeing with Allscripts.
How do we remedy this? The first and most important step is to cover your assets. Cyber Insurance is going to increase your likelihood of surviving a breach, but once you have the end protection set up, get your employees trained. And then repeat the training. Conduct Security Risk Assessments at least annually, not only to comply with HIPAA but to identify security gaps which could leave your organization’s data up for grabs. Then, perform a vulnerability scan and find out if your system is as secure as you hope and believe.
Protection and prevention go hand in hand, and in the world of healthcare you can never have enough.