A running theme during the Sep 2017 OCR/NIST HIPAA Security conference was that providers and business associates must be cognizant of the fact that Cybersecurity issues can impact patient care. How often do we hear a provider say, “My priority is my patient, I don’t have time for other things”? Well, it is a fact that if Cybersecurity issues impact the confidentiality, integrity or availability of a provider’s patient information, then patient care will most likely be impacted.
The healthcare industry is currently a hotbed of Cybersecurity activity. A data explosion is taking place, causing unprecedented security risk. This data explosion results from many developments, such as digitizing the patient record, sharing patient information across venues, data-based collaborative care, the use of analytics to enhance care, electronic registries for population health, personalized medicine, and the omnipresent patient health record through fitness tracking devices, smartphone apps, connected electronic measurement devices and more.
With this data explosion, the healthcare industry has been targeted for attacks. Ransomware attacks have been particularly rampant in the healthcare industry, causing hospitals to even shut down temporarily and transfer patients. If this is not an impact on patient care, what is? The big global ransomware attack that occurred in the first half of 2017 was called WannaCry. Here are some real examples of how it impacted patient care:
- Providers were unable to look after patients properly as medical devices were not functioning. Many providers did not even have access to X-rays.
- Some patients complained about having to wait a couple of hours for prescriptions after a chemotherapy infusion, suffering through the after-effects of the session while waiting instead of resting.
- In some cases, administration of chemotherapy had to be delayed or postponed.
- A patient talked about how he could not get test results for severe kidney pain for a couple of days, because machines were unavailable.
Cybersecurity issues are, at their heart, patient safety issues. Addressing them is part of the mission of a physician, part of the Hippocratic oath. The first step in understanding how a practice fares in terms of security is to conduct an annual security risk assessment. This is key and must not be overlooked, as ensuring that patient data is safe is an important responsibility of a physician towards the patient and towards assuring consistent and quality patient care.
By Rema N. Deo.