In Depth: Health record security
April 20, 2017 06:24 PM
As increasing numbers of doctors switch from paper to electronic medical records, the consumer needs a lesson in computer security.
The information in those records are a treasure trove for internet crooks.
Every hospital and 70 percent of medical practices in the Capital Region are connected via the internet to HIXNY: The Health Information Exchange of New York. It's an online repository of medical records that only with your written approval, can be shared between doctors.
"Obviously we use best practices of a number of different types," noted Mark McKinney, the HIXNY CEO.
Best practices to protect personal information in your medical records, because it's in hot demand in the world of cyber criminals.
"It's recognizing that your medical record is 60 times more valuable than your financial information," pointed out McKinney.
Credit cards in criminal hands can't wreak the same kind of financial chaos as the personal information gleaned from medical records.
"Because they can use that for identity fraud to create fraudulent billings to the insurance companies and to the government," explained McKinney.
HIXNY and other organizations monitor and advise physician and hospital cybersecurity. However, no one is monitoring the consumer as you access health records through patient portals. That's where potential breaches can happen, with devastating results for you.
"As a cybercriminal, if I have your identity I can get a loan in your name, I can get your tax returns, I can commit insurance fraud. I can do all sorts of things," noted Reg Harnish, the CEO of GreyCastle Security.
That personal information doesn't expire and you can't simply ask for a new identity like you can with a new credit card.
"You can't cancel your social security number, your last name or your date of birth. They never change," pointed out Harnish.
To get serious about protecting your information, these experts have advice.
Don't print medical information you access through a patient portal. Just view it on-line, because once a paper trail exists, it can land in the wrong hands. If you must print the information, treat it carefully.
"If you have banking information, you would shred paper documents. You would ensure that you password protect any electronic documents you have. You wouldn't give your back statements or your password or your information to just anybody who calls up and asks for it," noted McKinney.
Never access your patient portal through an unsecured WiFi.
As for encryption to improve security:
"As long as you're staying in the same system, generally that email is encrypted end to end," explained Harnish.
That means Gmail to Gmail, or Yahoo to Yahoo and the like.
Always check the web address from a medical provider. It should start with https:// and there should be a lock icon.
"Does the address actually look legitimate," warned Harnish.
Password protect your email accounts and only access medical information on a computer that's at home. Remember, a phone or tablet can be lost and with those devices, your information can fall into criminal hands.
Again, after viewing your medical information in a patient portal, leave it there. If another physician needs it, you can give written permission for them to view it.
"The easiest way to secure something is to not have it at all in the first place," explained Harnish.
How will you know if your medical records have been hacked? Harnish says you will hear from your bank when it spots fraud or you or your credit monitoring service notices fraudulent activity. Therefore, it comes back to that ounce of prevention being far better than a pound of cure.
Updated: April 20, 2017 06:24 PM
Created: April 20, 2017 05:33 AM
Copyright 2017 - WNYT-TV, LLC A Hubbard Broadcasting Company