Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn more about a class action lawsuit against Google, how healthcare executives may be in denial of drug diversion at their own facilities, Iranian malware attack risks, and more.
In 2017, the University of Chicago Medical Center announced a partnership with Google to share patient data, promoted as a way of improving predictive analysis in medicine. Using this information, Google intended to feed the medical records to artificial intelligence (AI) and build technology that can automatically diagnose patients.
But on June 26, a class action lawsuit against Google and the University of Chicago was filed, accusing the medical center of sharing thousands of patient records with the tech company without removing date stamps and doctor’s notes. Although a Google spokesman insists that the company followed HIPAA guidelines, this raises privacy concerns because the dates and times when patients checked in and out of the hospital were still included on each record. The complaint claims the university committed consumer fraud because patients never consented to the disclosure of their medical records to Google.
“We believe that not only is this the most significant health care data breach case in our nation’s history, but it is the most egregious given our allegations that the data was voluntarily handed over.” – Jay Edelson, founder of Edelson PC
Nearly a year after issuing its first policy to address artificial intelligence (AI) in healthcare, the American Medical Association (AMA) updated its list of policy recommendations during the AMA House of Delegates annual meeting last month. Focusing on enhancing patient care, improving overall health, and increasing value, the association proposed a “baseline policy” to set priorities for the ethical use of AI in medicine.
“Medical experts are working to determine the clinical applications of AI – work that will guide health care in the future… We have to make sure the technology does not get ahead of our humanity and creativity as physicians.” – Gerald E. Harmon, M.D., former chair of the AMA Board of Trustees
What does this mean for facilities that use AI for healthcare? Read the full list of the AMA’s proposed changes here to find out more.
As tensions build between the United States and Iran, Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs has issued a warning – the risk of Iranian cyberattacks is on the rise. United States industries, government agencies, and healthcare providers are especially vulnerable to threats such as wiper malware and ransomware that wipe networks clean or bring systems to a screeching halt. According to the Healthcare Cyber Heists in 2019 report by Carbon Black, 45% of healthcare CISOs fell victim to a wiper malware attack in the past year.
As devastating as these types of cyberattacks can be, the hackers still use basic technology and social engineering to gain access to sensitive information – and basic cybersecurity measures such as using strong passwords, limiting login rates, multi-factor authentication, and setting permissions are potentially enough to block common attack methods. Krebs warned that all U.S. industries, businesses, and agencies should remain alert to cybersecurity risks. “If you suspect an incident, take it seriously and act quickly.” – CISA Director Christopher C. Krebs
According to a new report from KLAS-CHIME, larger healthcare organizations have adopted more sophisticated healthcare security strategies – while smaller providers have been falling behind. Although the majority of those surveyed indicated that they have network access solutions for monitoring devices, smaller facilities are less likely to have cybersecurity policies in place.
The survey also revealed that large organizations are three times more likely to have adopted digital signatures and other cybersecurity technology. But what prevents smaller organizations from taking the measures needed to strengthen their security posture? A significant barrier that smaller organizations face in tackling privacy and security policies is a lack of resources – while healthcare security leaders are aware of threats, they may not have access to the tools needed to properly mitigate them.
According to a new survey conducted by KRC Research for Becton, Dickinson and Co. (BD), nearly 85% of leaders in the healthcare industry agree that drug diversion is a significant problem in U.S. healthcare organizations – but only 20% believe the problem exists at their own facilities.
A key finding in the study is the “Not-In-My-Backyard (NIMBY) Effect,” the belief that drug diversion is somebody else’s problem, although half of the providers and staff surveyed reported observing suspicious activity in their medical centers that could be evidence of diversion.
“Healthcare executives and providers recognize this is a problem but not at their institution. So with that, it’s difficult to become resourced appropriately to do diversion management or any kind of management with controlled substances.” – Katelyn Hipwell, Pharm.D., M.P.H., Pharmacy Clinical Operations Manager for the University of Virginia Health System
Why is it that drug diversion has become such an overlooked problem in the United States? Read the full article to find out more.
A new report by Integris Software shows that healthcare leadership at large is overly confident in the maturity of their data privacy. Of 258 top executives and IT decision makers, 70% said they were very or extremely confident in knowing exactly where their sensitive data resides. However, half of those surveyed update their personal data inventory only once a year – or even less often.
“While the healthcare industry is outpacing many other sectors for organizational data privacy maturity, its volume of severe security breaches and overconfidence in technical maturity are concerning. We hope this study helps shine a light on these contradictions and encourages organizations to improve the health of their data management systems and processes.” – Integris Software
How safe is patient data when key decision makers believe they take more action than they actually do to ensure patient privacy? Read the full article to discover more.