IT’s Role in Maintaining Secure Patient Records

Whether or not people support the Affordable Care Act, it has created tremendous opportunities for health care IT. For example, look no further than the electronic health record (EHR). First, IT has to set up and administer the EHR software. Then, IT has to develop data security and network security measures to protect patient information. IT works to help practices meet Meaningful Use I and II requirements. Additionally, IT enables practices to transmit confidential information to state health information exchanges (HIE).


That list just covers EHRs — it doesn’t mention PACS and image storage, and it doesn’t discuss ICD-10 upgrades. It doesn’t include mobile health apps, mobile device management or telemedicine, and it doesn’t cover VoIP or cloud telephony solutions. When considering the job market’s demand for health care workers and cybersecurity professionals, students pursuing a Bachelor of Science in Cybersecurity and Information should learn more about earning health IT certification.

Threats to Patient Privacy

Secure patient data is the cornerstone of HIPAA, and security touches not only every industry but also many facets of IT. Patient data must be protected from unauthorized breaches by external parties as well as from unauthorized access by internal personnel. Consider this list, compiled by TechTarget, of the top patient privacy threats of this generation:

  • Used devices. Practices discard old hard drives, obsolete computers and outdated mobile devices. Many of those devices store patient information. Don Fluckinger of TechTarget points out that used hard drives sell for a lot more on eBay than new ones. The price disparity occurs because used hard drives contain valuable data.
  • Documents posted online. Organizations post online documents in .PDF, .RTF, .DOCX and other formats. Passwords, metadata and deleted content are often available by researching a document’s history.
  • Counterfeit medical devices. Insecure practices distribute these counterfeit devices to practices. The devices are deliberately left open to hacking.
  • Shredded documents. Documents not cut by a cross-cut shredder are easy for thieves to reassemble.
  • Hacktivist attacks and state-sponsored malware. Groups like Anonymous could easily hack into health care sites, and government-sponsored advanced persistent malware can hide undetected on a network.
  • Social media. Malware or ransomware from social media networks can compromise patient data. Ransomware locks a computer, enabling a hacker to claim that service will be restored when the clinic pays a given amount.
  • Celebrity patients. When a movie star, political figure or other prominent local citizen enters a hospital, the visit naturally inspires prurient behavior. As more parties gain access to patient EHRs, celebrity patient information is vulnerable to unauthorized access. Also, celebrities have a large platform for complaining if their data is lost or stolen.


In addition to earning a cybersecurity degree, students should consider earning health IT certification. Even students who haven’t earned a bachelor’s degree can pursue a certification to quickly enter the job market. Certificates can be earned from community colleges, professional societies or private companies. Some certifications, designations and exams that add significant value to a degree are:

  • CompTIA Health Care IT Technician Certificate
  • Certified Professional in Health and Information Management Systems
  • Certified Health Informatics Systems Professional
  • Certificates from the American Health Information Management Association (multiple options)
  • Certified Health Care CIO
  • Any credential from the Health IT Certification company (Portland, Ore.)
  • Health Information Technology Professional exams from the Office of the National Coordinator for Health Information Technology

Opportunity, Brought to You by HIPAA

Failing at HIPAA compliance could cost health care providers a lot of money. The Department of Health and Human Services (HHS) has drastically increased fines and penalties for failing to protect patient data. New regulations mean that any business performing services for health care providers that involve the use of patient information must also be HIPAA compliant. Also, every subcontractor of that business must be compliant, and so on.

In 2011, health IT careers topped the Bureau of Labor Statistics (BLS) list of the fastest growing careers. That list was released well before much of the Affordable Care Act’s implementation. Just think of the sheer workload involved in monitoring business associates and conducting HIPAA-related risk assessments. Thus, the effects of HIPAA and the Affordable Care Act ripple throughout the American economy, creating waves of IT opportunity.

HIPAA Patient Privacy and Security word concept from Flickr’s Creative Commons by purpleslog


About the Author: Gail Washington is a cybersecurity consultant specializing in patient data protection.







Written by: Morris Barris