Joel Arun Sursas’s Take on Healthcare Cyber Security: How to Protect Patient’s Privacy

Originally published on compulearntech.com

When working in the medical industry, protecting your patients’ data is not just ethical – it is required by law. With HIPAA in place, medical professionals must be conscientious about keeping close tabs on patient information and only giving health data to those approved to receive it. Here, medical doctor and health informatician Joel Arun Sursas shares tips for protecting patient privacy in the digital age.

Encourage Security Measures with All Employees

While it may be obvious to physicians what falls under HIPAA compliance, it may not be apparent to those who work as office assistants or medical secretaries. This is why it is critical to take a very proactive approach to ensure everyone in the practice is up to date on HIPAA guidelines and regulations.
 

This includes having all employees check documents multiple times before sending any emails or handing over paperwork, to ensure verifications are accurate and that the data is going to the right person. Also, not allowing employees to speak about non-essential healthcare data over the phone or to anyone outside the clinic will ensure nothing slips[1].

Give Patients Access to Their Data

Having an online portal or Robotic Process Automation self-service system can cut down on information being sent around, which, in turn, cuts down on information going to the wrong place. Think about it: when you send multiple emails each day with health information or make numerous calls, it is easy to get a wire crossed and send the wrong data to the wrong person.

Dr. Joel Arun Sursas believes that with Robotic Process Automation, human error can be removed from the equation, allowing the automated or partially automated system to make the data delivery. This reduces the risk of data misdelivery and frees up time for other essential tasks that cannot be automated under current systems.

If patients are placed in a position to access their records through a similarly automated system, there is an even lower risk. If possible, giving direct access[2] through a portal account is one of the best ways to make sensitive information available without placing full responsibility on a staff member who may make a mistake.

Understand HIPAA But Do Not Fear It

Ensuring that staff understand HIPAA and consider it a beneficial tool to a clinic is the first step towards creating an environment without data slippage. HIPAA is not meant to be a thumb on your neck, so to speak, but instead, a measure of accountability to ensure patients are receiving confidential care as needed and are able to access medical care without fear of exposure or shame.

Fearing HIPAA does nothing but make it harder to serve patients. It is not a thing to be afraid of, but a thing to embrace. If you comply with it, HIPAA can be a fantastic tool. It is just a matter of making an effort to ensure your entire staff is educated and prepared to face what being HIPAA compliant requires[3].

There are a lot of things you can do to protect your patients’ privacy. From working on an automated system that makes connecting easier than ever before without room for human error to simply understanding what being HIPAA compliant actually entails, there is always something to help keep your patients’ critical data private and secure.

About Joel Arun Sursas:

Joel Arun Sursas holds a Bachelor’s Degree in Medicine and Bachelor’s Degree in Surgery from the National University of Singapore and is continuing his education to obtain a Certificate in Safety, Quality, Informatics and Leadership from the Harvard Medical School, and Masters in Applied Health Science Informatics from the Johns Hopkins University (both expected in 2020). His technical skills include SPSS, RevMan, and Python. Dr. Joel Arun Sursas’ most recent engagement is with a medical device start-up company Biorithm where he serves as Head of Clinical Affairs, working to take fetal surveillance out of the hospital and into the home, revolutionizing the obstetric practice globally.

References

1. Lo, Bernard, et al. “HIPAA and Patient Care.” JAMA, vol. 293, no. 14, 2005, p. 1766, doi:10.1001/jama.293.14.1766.

2. Solove, Daniel J. “HIPAA Turns 10: Analyzing the Past, Present, and Future Impact.” SSRN, https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2245022. Accessed 23 Sept. 2020.

3. “Psychiatry Online.” Psychiatry Online, https://ps.psychiatryonline.org/doi/full/10.1176/appi.ps.55.5.575. Accessed 23 Sept. 2020.

Joel Arun Sursas Discusses Cybersecurity in Health IT

Originally published on scienceworldreport.com

More than ever, companies throughout the world rely upon digital data storage to efficiently operate and compete in the digital age, making cybersecurity of the utmost importance. In this article, Medical Doctor and Health Informatician Joel Arun Sursas discusses cybersecurity in the healthcare industry.

Cybersecurity involves employing several techniques to protect computers, networks, and data from unauthorized sources that seek to illegally obtain access to the aforementioned items and exploit the information, often for monetary gain.

In the past decade, cyberattacks have dominated global headlines, damaging the reputation of several prominent businesses and putting consumers’ personal information at immense risk. Notably, in 2017 Equifax, one of the largest credit monitoring agencies in the United States, experienced a sizable data breach that exposed personal data for 147.7 million Americans. In 2013, cyber attackers set their sights on the colossal retail chain Target and accessed 41 million customers’ credit card details.

Let us not forget the infamous cyber incident in 2014 when Sony Pictures Entertainment suffered a devastating hack. The fallout included the exposure of employee social security numbers and the utter shattering of the company’s digital infrastructure, causing employees to revert to fax machines for months.

Those at the top of the corporate structure were not spared as the attack led to the dismissal of the chairman of SPE’s Motion Picture Group, partially due to the questionable nature of the leaked emails.

It cannot be stressed enough; businesses, regardless of reputation or size, remain vulnerable to nefarious intrusions, and the health industry is absolutely no exception. According to the 2019 Annual Breach Barometer Report, over 15 million patient records were exposed as a result of over 500 healthcare breaches.

Additionally, Verizon’s 2018 Data Investigation Report concluded that healthcare is the most vulnerable industry to cyberattacks and accounted for 24% of breaches investigated. Given the sensitive nature of the data playing field and the growing concern among consumers, it’s critical to understand the challenges of protecting medical documents as well as the most effective strategies available to keep the information safe.

Challenges

Depending on the size of the medical firm, the role of Information Technology (IT) may be in-house or outsourced to a third party. The American Medical Association reported that approximately 25% of physicians outsource security management and, therefore, heavily rely upon health IT enterprises to prevent cyberattacks. Either way, the security practices implemented are only as good as the repute, skill, and knowledge of the individual or company. Therefore, health organizations should allocate a significant portion of their annual budget to IT.

Apart from budget constraints and the need for capable cybersecurity professionals, the most common challenge afflicting data protection is “phishing” attacks. This type of strike targets ill-informed individuals by sending sham emails that appear to come from reputable sources.

Typically, the emails aim to extract sensitive information or trigger malicious software (aka malware). Therefore, to reduce risk upfront, the IT department should educate employees on how to recognize and report suspicious emails.

If computers linked to the office network become infected with malware, it’s possible the servers and the entire infrastructure could be shut down. In certain scenarios, the state of the network may even be held for ransom by the cybercriminals.

Another common issue of cybersecurity is encryption or lack thereof. Anemic encryption is often untested and out-of-date and therefore provides minimal defense. It’s crucial to keep encryption software and practices current; otherwise, it’s easier for hackers to locate and exploit weaknesses or blind spots.

Strategies

According to Health Informaticians like Joel Arun Sursas, health care organizations should view cybersecurity as an essential aspect of patient care. To reduce the risk of breaches, Dr. Sursas recommends implementing the following practices.

First and foremost, health organizations need to establish a culture that embraces proper cybersecurity techniques. After all, cybercriminals typically target individuals first due to their unsuspecting nature. A work environment resilient to cyber threats is achieved through education, such as annual training courses or quarterly webinars that cover a variety of topics, including passwords, phishing, and ideal computer habits.

It almost goes without saying, but tried-and-true defenses such as firewalls, up-to-date anti-virus software, and encryption are essential to maintaining security protocol. While these techniques may appear obvious, if left unattended, they could result in a devastating attack.

Also, as data sharing amongst clinicians increases in importance, oversight of network access by device and location must be performed with extreme caution. Not only do medical professionals retrieve and add to patients’ medical records over a shared network, but it’s also commonplace for patients to review their health results such as blood tests remotely via a digital profile. While the latter is most likely overseen by third party software, health organizations can limit network access to vetted devices and scrutinize any peer-to-peer applications before they’re installed.

Finally, clinical care providers should consider employing informatics professionals who are highly trained to chaperon data collection, management, and protection.

Conclusion

Protecting patient data is not always clear-cut, especially in an industry that lacks ubiquity and is overwhelmed with antiquated software. The truth is that the challenges and strategies described above are only the tip of the iceberg. However, both independent clinics and national health organizations can prevail against cyber threats if they heed the mistakes that have come before and proceed with due diligence and action.

About Joel Arun Sursas

Joel Arun Sursas is a Medical Doctor and Health Informatician motivated to solve administrative problems in healthcare. His determination to work tirelessly to bridge the gap between doctors and engineers is resulting in medical technology solutions that improve patient outcomes, enhance monitoring, and protect patient privacy. Dr. Joel Arun Sursas is an effective communicator who facilitates the achievement of team goals.