IT Support and Hardware for Clinics
32.0K views | +2 today
Follow
IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice
Your new post is loading...
Your new post is loading...
Scoop.it!

Medical Identity Theft: How Hospitals Can Reduce Risk

Medical Identity Theft: How Hospitals Can Reduce Risk | IT Support and Hardware for Clinics | Scoop.it

Hospitals are generally considered to be a place to seek refuge — a safe haven for both employees and patients alike. Unfortunately, this isn’t always the case. Incidents of medical identity theft are becoming more and more common. Issues involving improper use and disposal of data, hacking, and theft result in not only adverse financial consequences but can also even have negative impacts on healthcare and personal well-being. Identity theft is something that every hospital needs to be aware of and prepared for — these steps can be helpful in preventing medical identity theft and ultimately reducing your hospital’s risk.

Reduce risk associated with personal patient information

The use and storage of patient’s social security numbers is the main source of vulnerability when it comes to identity theft. Data breaches and entry errors can mean that a patient’s information can fall into the wrong hands — compromising the safety of both the individual and the hospital itself. While much of the fraudulent use of patient information comes from stolen or leaked data, verbal or physical forms of sensitive patient information can also end up in the wrong hands. Hospital employees should take care to never discuss patient information in public areas, or with friends and families. In addition, physical forms including patient charts and records (even if they only contain the name of the patient) should be safely used and stored.

Ensure that secure methods are used in storage of patient health information

Every health organization should take necessary measures in order to ensure the safety and security of patient information. An investment in appropriate health IT may be costly up front, but it could end up providing endless savings — both financial, and otherwise — in the long run. Additionally, the use of a unique health safety identifier (UHSI) is a great measure to strengthen information and data security, with positive results extending all the way to the patient.

Avoid storing personal information of patients unless absolutely necessary

While many healthcare providers perceive that patient information — including social security numbers — must be stored for billing and insurance purposes, this simply isn’t the case. The storage of sensitive information (like social security numbers) isn’t always needed, and unnecessarily doing so may pose a risk for the patient and the hospital.

Dispose of patient information responsibly

Just as sensitive information should not be stored unless absolutely necessary, it is also imperative that patient information be disposed of in a responsible manner. Outdated or unused medical information, forms, and billing data should be shred or erased completely when no longer needed.

Assemble and utilize an advisory committee

In any healthcare setting, it is beneficial to have a diverse team of leaders that comes together to regularly review and assess security issues and vulnerabilities. By raising awareness and discussing perceived risks, hospital leaders can be well-informed when it comes to making decisions and implementing efforts to reduce risks and protect sensitive information.

Respond appropriately to issues and concerns

Not only can an advisory committee help prevent against identity theft, but the designated team of experts can be essential in addressing issues promptly and adequately. Utilization of an inventory system that tracks all processes and systems that contributed to the security breach can allow for the hospital to pinpoint the weaknesses and make necessary improvements. Once an issue is discovered, the advisory committee will be better prepared to — while looking at the data inventory — prioritize areas of concern and make adjustments that are needed.

Educate the patients themselves

As many hospitals strive to do the best they possibly can when it comes to securing patient information, actually sharing statistics and suggestions with the patients themselves can further improve the security of that information. Patients should be encouraged to keep their cards and information in a safe place and should be told to take caution when sharing sensitive details. Patient participation is crucial when it comes to combating identity theft and security tips and suggestions can be posted as signs throughout the hospital — or given to the patients in a brochure.

Medical identity theft is increasingly becoming a great threat to the safety of patients and health care providers. While there are many ways that patient information can end up in the wrong hands, there are fortunately many ways that both hospitals and patients can prevent this from happening. By working together and considering these tips, hospital staff members can ensure that the information of their patients can remain as secure as possible.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

Fake patient data could have been uploaded through SAP medical app

Fake patient data could have been uploaded through SAP medical app | IT Support and Hardware for Clinics | Scoop.it

SAP has fixed two flaws in a mobile medical app, one of which could have allowed an attacker to upload fake patient data.

The issues were found in SAP’s Electronic Medical Records (EMR) Unwired, which stores clinical data about patients including lab results and images, said Alexander Polyakov, CTO of ERPScan, a company based in Palo Alto, California, that specializes in enterprise application security.

Researchers with ERPScan found a local SQL injection flaw that could allow other applications on a mobile device to get access to an EMR Unwired database. That’s not supposed to happen, as mobile applications are usually sandboxed to prevent other applications from accessing their data.

“For example, you can upload malware to the phone, and this malware will be able to get access to this embedded database of this health care application,” Polyakov said in a phone interview.

They also found another issue in EMR Unwired where an attacker could tamper with a configuration file and then change medical records stored on the server, according to an ERPScan advisory.

“You can send fake information about the medical records, so you can imagine what can be done after that,” Polyakov said. “You can say, ‘This patient is not ill’.”

SAP fixed both of the issues about a month ago, Polyakov said.

The German software giant also fixed another flaw about a week ago found by ERPScan researchers, which affected its Mobile Device Management software, a mobile client that allows access to the company’s other business applications.

The issue was a server-side buffer overflow that could cause a denial-of-service attack, according to an advisory. That may not seem serious, but that server software accepts supply-chain reports from the field and is also used by executives to get access to business-critical data, Polyakov said.

“If you can disable the mobile server for at least an hour, the supply chain of the company can be stopped, so you can imagine how bad it can be for a company,” Polyakov said.

The vulnerability is not remotely exploitable, so an attacker would need to have access to a SAP Mobile Device Management client, he said. But that would be accessible from inside the company and possibly from third-parties, he added.


more...
No comment yet.
Scoop.it!

mHealth Study Proves Remote Monitoring Beats In-Person Visits

mHealth Study Proves Remote Monitoring Beats In-Person Visits | IT Support and Hardware for Clinics | Scoop.it

An mHealth platform for post-operative care helped patients collaborate better and more often with their doctors and reduced follow-up visits to the doctor’s office.

In addition, more than half of those using the mobile health platform, designed for breast cancer patients recovering from reconstruction surgery, said remote monitoring was more convenient than in-person visits to the doctor’s office. And there was no statistical difference in clinical outcomes between the two groups.

 

The results of a study of 65 breast cancer patients, performed by the Women’s College Hospital of Toronto and published in a recent online edition of JAMA Surgery, “are important findings given the current demands on the healthcare system and the push toward patient-centric care,” says Kathleen A. Armstrong, MD, the study’s lead author.

 

They prove, she said, that a digital health service that replaces expensive and time-consuming in-person visits is more popular with patients and doesn’t negatively affect their recovery. In addition, the platform gives clinicians better data on their patients in a more timely manner, enabling them to intervene more quickly should an adverse health issue crop up. In the long run, this would lead to fewer health emergencies and hospital readmissions.

Armstrong, who conducted the study with Peter C. Coyte, PhD, MA, and Mitchell Brown, MD, said this was the first study to use an mHealth app instead of the telephone to facilitate the conversation between patient and doctor.

 

“A growing number of procedures, including complex operations such as autologous breast reconstruction, are offered in an ambulatory setting,” she noted. “Patients using the mobile app require approximately 2 minutes to input the quality of recovery, pain visual analog scale, and photographs of the surgical site. This ease of use allows patients to submit data frequently (i.e., daily or weekly), providing a continuous, richer inflow of information than could ever be achieved by telephone or in-person follow-up care.”

 

The study, focusing on the 30-day period following breast reconstruction surgery, equipped patients with a mobile app on their smartphones that enabled them to communicate on a store-and-forward platform with their doctors. Patients were monitored daily during the first two weeks and weekly during the following two weeks through a 9-question survey, a pain visual analog scale and photographs submitted by the patient. This platform replaced the typical in-person follow-up visits conducted one and four weeks after surgery.

 

According to the study, which compared 32 patients using the digital health platform to 33 patients following traditional post-operative treatment, the mHealth group didn’t need to meet in person with a doctor as much as the traditional group; and while both groups made the same number of phone calls to a doctor, the mHealth group sent more e-mails.

In addition, while there was no difference in the satisfaction rate between the two groups, 97 percent of those in the mHealth group said the service was convenient, while only 48 percent of the patients using traditional follow-up care said that service was convenient.

 

“Follow-up via a mobile app can be used to eliminate in-person follow-up visits during the first 30 days following ambulatory breast reconstruction surgery,” Armstrong said in the study. “Patients using the mobile app attended 0.40 times fewer in-person visits for follow-up care and sent more e-mails to their health care professionals during the first 30 days after surgery than did patients in the in-person follow-up group. This finding is important because a common criticism of telemedicine or virtual communication between patients and health care professionals is whether it truly replaces in-person care.”

“Improving patient convenience without compromising satisfaction is another critical finding as we look for ways to build a patient-centric health care system that supports quicker recovery and resumption of normal daily living,” she concluded.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.