Children’s hospitals are renowned for the expert care they provide. But because of the specialized nature of their services and the vulnerability of their patients, they face unique healthcare IT challenges. What are the most prevalent risks to children’s hospitals – and how can privacy and security officers combat them? To help better understand and mitigate these dilemmas, we’ve put together the top three threats to children’s hospitals and the steps you can take to keep patient data safe.
A surgeon learns her nephew has been admitted to the mental health department at the children’s hospital where she practices. In a moment of curiosity, she accesses his medical record without authorization. Even though she’s a close family member and a practitioner at the same facility, this is still a privacy violation.
To prevent instances like this, it’s vital to encourage a culture of patient data privacy at your organization – starting with initial onboarding and periodic re-training of hospital staff. Practitioners and other EHR users who stay informed of the harm that snooping causes – and potential consequences, including termination – are less likely to access unauthorized records.
When Elizabeth Hunt joined Southeastern Health as their Chief Compliance Officer, she delivered focused training in order to reduce instances of household and employee snooping. The increased awareness among all physicians and staff has drastically reduced snooping in her organization.
“Train right in the beginning, and you’ll have less non-compliance in the end.” – Elizabeth Hunt, Chief Compliance Officer, Southeastern Health.
“We’ve had a decrease in employee snooping,” Hunt continues. “I feel it’s because we’ve been able to educate the staff to get them thinking not just about what the privacy policies are, but why the rules are significant.”
2. Drug diversion
Because children’s hospitals treat serious medical conditions, facilities provide larger pharmacies with stronger prescriptions. As a result, the hospitals become targets for drug diversion. Drug diversion occurs any time a prescription medication is removed from its intended path from manufacturer to patient – and the consequences can be deadly. In 2018, more than 115 people died from prescription opioid overdoses each day. Diversion harms both the diverters and patients as they’re denied necessary medication and pain relief. For the most part, drugs aren’t pilfered with malicious intent or for monetary gain. Instead, diverters steal medications because they struggle with addiction – and opioids are so powerful that one dose can cause someone to become addicted.
“There are very few instances where drug diversion is made for financial gain. In the vast majority of cases, it’s addicts feeding their own addiction.” – Commander John Burke, President of Pharmaceutical Diversion Education
How do you combat such a threat to personal and public health in your organization?
Establishing a drug diversion monitoring program is key to empowering medical centers to find and eradicate drug diversion. Gaining visibility into where medications are going, ensuring that patients are receiving them in the right amounts, and establishing anonymous reporting programs so that remedial action can be taken protects your organization’s patients – and reputation – before the drug diverters can do significant damage.
3. Identity theft
From checking bank accounts to credit reports, adults have information at their fingertips to monitor for identity theft. But children who may not have immediate access to this information are especially vulnerable.
“As adults, we’re hypersensitive right now to the idea that our identities are at risk and our personal information is out there. We’ve Jedi mind-tricked ourselves into thinking this is an adult problem.” – Al Pascual, senior vice president of research and the head of fraud and security at Javelin Strategy & Research
Consequently, the PHI stored in children’s hospitals must be kept secure – children’s health records are a valuable commodity among identity thieves. In Arkansas, a children’s hospital employee was investigated for stealing the health records of over 4,500 patients. Considering insider threats like these, how can children’s hospitals protect themselves and their patients against identity theft?
Adopting a patient privacy monitoring program with AI and machine learning capabilities can help you detect similar incidents and remediate them before sensitive information leaves the building. Machine learning is a facet of AI that learns much like a human does – but with the added benefit of being able to leverage massive amounts of data to find patterns in a fraction of the time it would take a person. With its ability to detect patterns, it can also identify changes in workflow. If a hospital employee with access to PHI typically accesses 10 records per day, but then begins to access 100 records daily, machine learning identifies that deviation in behavior and quickly alerts a privacy professional. This technology empowers you to take prompt action to remediate the behavior and protect the PHI of children – a population with a heightened risk of identity theft.
Children’s hospitals are beacons of their communities, equipped to handle the unique needs of their younger patients. But with their advantages come the added challenge of keeping sensitive information secure in a world where children are sometimes seen as easy targets. In spite of this, when organizations armor themselves with programs like patient privacy intelligence, drug diversion monitoring, and AI capabilities, they equip themselves to protect PHI and focus on doing what they do best – treating children and helping families.