According to the recent 2016 Mid Term Budget Policy Statement (MTBPS), the national health insurance grant will be increased by R9 million to fund the strengthening of health information systems in the Western Cape and KwaZulu-Natal. While this is incredibly positive, when healthcare organisations digitise patient information and records or adopt new technology it is vital that the records management system is evaluated to mitigate the risk of data breaches.
Wayne Clarke, Managing Director of Metrofile Records Management, a group company of JSE-listed Metrofile Holdings Limited, says that healthcare organisations using an Electronic Records Management (ERM) system need to realise that sensitive and confidential information can be travelling with their employees wherever they go. “A breach in data does not always occur as a result of a hacking attack, but can happen when an employee’s electronic device gets stolen or as a result of something as simple as the misplacement of a USB stick.”
He says that healthcare data contains highly confidential information that can be used for medical identity theft and fraud. “Healthcare organisations need to be aware of the costs involved in crisis management if a cyber breach or systems failure occurs.”
According to IBM’s 2016 Cost of Data Breach study the healthcare industry was the industry with the highest per capita data breach cost last year. The average per capita cost of data breaches in South Africa in 2015 was $1.87 million. The report also states that South African companies had the highest percentage of human error data breaches and that South Africa and Brazil are the two countries with the highest estimated probability of occurrence, adds Clarke.
Data theft is not going to disappear, notes Clarke, and the list of organisations falling foul to this will grow. “Government and industry regulators will also get tougher with organisations not taking the right steps to protect themselves against data breaches and attacks.”
According to the McAfee Labs Threats September 2016 Report ransomware attacks targeting the healthcare industry especially hospitals increased in 2016.
Clarke adds that when a data breach occurs it is important for the organisation to react as quickly as possible to protect their brand, minimise bad publicity and reassure clients that they are doing everything they can to resolve the issue and taking the necessary steps to prevent it from happening again.
Data breaches in the healthcare industry are real, and so too are the costly consequences, says Clarke. “As digital innovations increase in the healthcare industry, data breaches will only continue to grow. It is therefore vital for healthcare organisations to take proactive measures to protect their data.”
“Firewalls, antivirus software and threat detection will not prevent data breaches. The best way to combat the challenge of managing healthcare record systems and to mitigate the risk of loss or breach of sensitive data is to enforce a strict corporate policy and to educate staff on the entire records management system and storage process. However, employing a dedicated records manager or outsourcing records management to a reputable service provider, would be the best solution,” says Clarke.