Top Five Risks Facing the Healthcare Industry
The healthcare industry faces unprecedented risks and a growing set of overlapping regulatory requirements. Healthcare organizations are particularly exposed because of the volume of patient personal information they handle, the time pressure of clinical work, and the nature of their day-to-day operations. Below are what we consider to be the top five risks for healthcare.
1. Cyber Threats
The healthcare industry continuously changes as new technology is developed and brought into patient care, facility management, and everyday routines. Cyber threats evolve alongside it, adapting to and circumventing each new control. The primary concern is electronic records containing personally identifiable information (PII) and protected health information (PHI). The same connectivity that makes these records easy for staff and approved third parties to reach also exposes them to criminals.
Healthcare professionals also need to be wary of attacks on critical operations: cutting power, disabling electronic door locks, or shutting down clinical systems. You can never be certain of the motive, so it is best to be prepared for the worst case. As history has shown, some attackers hold critical functions for ransom, some quietly steal data, and some simply want to cause destruction.
The consequences of a breach or a gap in network security extend well beyond reputational damage and legal fees: they can endanger the patients the hospital vowed to protect. Practical first steps are security awareness training for staff, a tested incident response plan, and certification and accreditation of the systems involved.
2. Physical Attacks
Physical threats are growing, and healthcare facilities are not immune. In one example from this past year, four people were killed in a shooting at Mercy Hospital in Chicago. The gunman, who began shooting in the parking lot, then made his way inside the facility.
An inadequate physical security posture leaves both employees and patients at risk. In fact, one study reports that hospitals are twice as likely to experience a physical attack as a cyber attack or breach. Easy initial steps are access controls such as requiring visitors to be buzzed in past reception, proper security at entrances, and restricted access to certain floors via the elevator or stairwell. Badge readers, proximity badges, and biometrics are the strongest options but are expensive. Intrusion detection systems, security lighting, and video surveillance are all straightforward measures that contribute to a safer environment.
3. Compliance Lapse
Today's healthcare regulatory environment is more complex than ever, putting facilities at higher risk of non-compliance. Healthcare organizations and providers need to be fully aware of every law and regulation that applies to them, including HIPAA, HITECH, and rules on patient care and billing. They must also comply with requirements enforced by agencies that cover non-healthcare businesses as well, such as the Occupational Safety and Health Administration (OSHA) and the Equal Employment Opportunity Commission (EEOC). Many of these standards overlap with the risks described here and set baseline requirements for mitigating them.
It is now much easier for non-compliance to get noticed. HIPAA, for example, is widely known, patients understand the rights they should expect, and the Department of Health and Human Services' Office for Civil Rights makes it easy to file complaints that prompt investigations. According to the HIPAA Journal, 94% of organizations reported inadequate risk management plans in 2017.
4. Healthcare Illness
It is not difficult to imagine that one of the greatest risks in healthcare facilities is communicable illness. Affecting both staff and patients, unnecessary exposure to bacteria or viruses can completely derail operations. This ranges from catching a cold to healthcare-associated infections (HAIs).
HAIs are infections that patients acquire while receiving treatment for medical or surgical conditions. Health.gov reports that 1 in every 25 inpatients gets an infection as a result of their hospital care, and that these infections "lead to the loss of tens of thousands of lives and cost the U.S. health care system billions of dollars each year."
Policy and training are crucial to prevention. A simple practice like washing your hands after treating each patient has been recommended since the 1840s and is now required because it reduces the likelihood of transmitting illness, yet hospitals still report trouble enforcing it with staff. Ensure sanitation systems are up to date and all employees are trained.
5. Privacy Management and Information Security
With companies still settling into the operational changes forced by GDPR, the ripples are still making their way across the United States as privacy becomes a focal point. The California Consumer Privacy Act, for example, is a new state law that imposes GDPR-like privacy protections, and other states are following suit. As discussed under cyber threats, the healthcare industry in particular needs to be concerned about PII and other sensitive data.
Managing every user and every data set is a challenge that not everyone is prepared for, often simply because they lack the resources to implement the change. Many organizations rely on shared workstations to log patient notes quickly, protected by a single general-use password. A shared account means no access can be attributed to an individual, so misuse cannot be investigated. At the same time, patients need to reach their own records online, so that information must be made available while still being protected.
In response, many healthcare organizations are moving to role-based access and reviewing access rights more frequently. Combined with access logging, this ensures employees are not viewing patient information they do not need to do their jobs, and that any access can be traced to a named person. On-site and for patients, multi-factor authentication is gaining traction as a way to keep personal information protected. The struggle is, and will continue to be, finding the right balance between security and a streamlined healthcare workflow.
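The following is an added example, not code from the original article or from any product it describes, showing in Python what role-based access to patient records plus an audit trail looks like in practice. The roles, record sections, user names, patient IDs and sample records are all constructed for illustration; the "care team" check in the review step goes slightly beyond plain role-based access by also flagging successful reads of patients the reader is not assigned to, which is how record snooping is usually caught during an access review.

```python
"""Role-based access to patient records with an audit trail.

Added example for illustration only. Roles, sections, users and records are
constructed; they are not a standard or any vendor's data model.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed role model: each role may read only the record sections its job
# needs. Real deployments derive this from HR job codes and review it regularly.
ROLE_PERMISSIONS = {
    "physician":    {"demographics", "clinical", "medications"},
    "nurse":        {"demographics", "clinical", "medications"},
    "billing":      {"demographics", "billing"},
    "receptionist": {"demographics"},
}
CLINICAL_SECTIONS = {"clinical", "medications"}


@dataclass
class User:
    user_id: str          # individual login, never a shared workstation account
    role: str
    care_team: frozenset  # patient ids this user is assigned to treat


@dataclass
class AuditEvent:
    ts: str
    user_id: str
    role: str
    patient_id: str
    section: str
    allowed: bool
    reason: str


class PatientRecordStore:
    """Minimal record store that enforces ROLE_PERMISSIONS and logs every read."""

    def __init__(self, records):
        self._records = records  # {patient_id: {section: data}}
        self.audit_log = []      # append-only list of AuditEvent

    def read(self, user, patient_id, section):
        if section not in ROLE_PERMISSIONS.get(user.role, set()):
            allowed, reason = False, "section not permitted for role"
        elif patient_id not in self._records:
            allowed, reason = False, "unknown patient"
        else:
            allowed, reason = True, "ok"
        # Denials are logged too: repeated denials are themselves a signal.
        self.audit_log.append(AuditEvent(
            datetime.now(timezone.utc).isoformat(), user.user_id, user.role,
            patient_id, section, allowed, reason))
        if not allowed:
            raise PermissionError(
                f"{user.user_id} ({user.role}) denied {section} of {patient_id}: {reason}")
        return self._records[patient_id][section]


def review_access(store, users):
    """Access review: successful clinical reads of patients outside the reader's
    care team. The role permitted the section, but the individual had no
    treatment relationship, which is the usual record-snooping pattern."""
    by_id = {u.user_id: u for u in users}
    return [
        (ev.user_id, ev.patient_id, ev.section)
        for ev in store.audit_log
        if ev.allowed and ev.section in CLINICAL_SECTIONS
        and ev.patient_id not in by_id[ev.user_id].care_team
    ]


def run_demo():
    """Exercise the controls on constructed data and return the outcomes."""
    records = {  # constructed sample records
        "P-1001": {"demographics": {"name": "A. Example"}, "clinical": "post-op day 2",
                   "medications": ["amoxicillin"], "billing": {"balance": 120.0}},
        "P-1002": {"demographics": {"name": "B. Example"}, "clinical": "routine visit",
                   "medications": [], "billing": {"balance": 0.0}},
    }
    store = PatientRecordStore(records)
    users = [
        User("dr.lee", "physician", frozenset({"P-1001"})),
        User("b.ortiz", "billing", frozenset()),
        User("r.kim", "receptionist", frozenset()),
    ]
    dr_lee, b_ortiz, r_kim = users
    denied = []
    for user, pid, section in [
        (dr_lee, "P-1001", "clinical"),     # own patient: allowed, not flagged
        (b_ortiz, "P-1002", "billing"),     # billing role needs billing data: allowed
        (r_kim, "P-1001", "clinical"),      # receptionist has no clinical access: denied
        (dr_lee, "P-1002", "medications"),  # role allows it, but not dr.lee's patient: flagged
    ]:
        try:
            store.read(user, pid, section)
        except PermissionError as exc:
            denied.append(str(exc))
    return {"denied": denied, "flagged": review_access(store, users),
            "events": len(store.audit_log)}


if __name__ == "__main__":
    print(run_demo())
```

Running the block performs four reads: the receptionist's attempt at clinical data is refused outright, and the physician's read of a patient outside their care team succeeds (the role permits it) but is surfaced by the review step. Neither outcome is possible with a shared general-use login, because the audit event would carry the workstation's identity rather than a person's.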
Are you managing risk in a healthcare organization? Get a personalized demo to discuss how we can meet your needs for physical security, cybersecurity, audits, compliance with any regulation or standard, or anything else you may need.