With data breach news continuing to top headlines, hospitals and other healthcare organizations are stepping up their data security efforts. IT staff are working diligently to ensure EHR systems, accounting systems, and other patient-related software systems are secure.
Meanwhile, with the focus primarily on patient information, one-off areas like credentialing and enrollment are being overlooked, and that’s putting providers—and their identifiable information—at risk.
It’s clear that more attention needs to be paid to protecting providers’ information. Perhaps it seems a little counterintuitive—after all, if hackers are going to spend their time going after information, it would seem that, on a numbers basis, they would go after the information of millions of patients versus a few hundred or a thousand providers.
However, as patient information becomes more secure, over time, hackers will be looking for other low-hanging fruit, and provider data will become more attractive because it will require less effort to obtain. Furthermore, from an identity perspective, doctors are high-value targets because they are more likely to have higher credit ratings.
So while hackers will not get as big of a payday in terms of the sheer volume of information, there is still value in provider data, particularly if going after a provider requires significantly less effort. This is why healthcare organizations need to look beyond only securing patient data and start including provider data in their security plans.
The risk of hacking grows when an organization has multiple systems storing information pertaining to providers. Because most large health systems employ thousands of providers, it is easy to see how relying on one-off files from office productivity applications, like Word and Excel, to manage credentialing and enrollment can expose an organization to risk, because control over these documents is extremely difficult at best. And with no controls in place, it is impossible to keep an employee from taking a file with providers’ information, such as Social Security numbers, key demographic information, and more. Mobile devices, such as laptops also are at risk for containing provider information.
When information sits unprotected on an individual or network computer, it is also more vulnerable to hackers. From an external hacker scenario, it is simply a numbers game before unsecured data is compromised. It only takes one employee to open an attachment that is carefully designed to enable outside access to unsecured files stored either on a network or the employee’s individual computer.
Another area in which security, and control, is overlooked is when provider information is electronically shared with payers and plans. Most organizations lack a secure bridge to transfer information between a health system and plan. As a result, providers are at risk when their information is shared in an unsecure manner, such as by email.
It is time healthcare organizations add providers to their data security efforts. An important first step is moving provider information off of one-off files and onto a secure comprehensive provider data system. With a single place to store and access provider enrollment data, it is significantly easier to maintain control over information.
Here are some simple steps that an organization can take to better secure provider’s information:
- Make sure policies and procedures are being followed when it comes to provider data. Organizations without policies in place for storing, accessing and sharing provider data must develop them immediately.
- Consider switching to comprehensive provider enrollment software. For organizations that already have a provider enrollment system, make sure that the system encrypts provider data, both when it’s transferred and when it’s at rest.
- Make sure all transmission of provider data is secure. This may mean using a secure portal instead of email to transmit information to plans.
Provider organizations already spend considerable sums attracting providers and keeping them happy. As such, it’s important to consider the impact of a breach of provider data. Having a secure system in place to protect provider information will not be a recruitment incentive nor will it be a competitive differentiator, it is expected. Regardless of the industry, when an employee provides their personal information to an employer, they expect that information to be safe. Unfortunately, when it comes to provider data that is rarely the case.
Credentialing and provider enrollment processes require providers to share significant amounts of personal and professional data. Putting processes and procedures in place to safeguard this information and getting providers properly enrolled up front will help avoid issues later.
Register or login for access to this item and much more
All Health Data Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access