Published 22 August 2022
Healthcare Data Migration: Oh, the Headaches!
Data, particularly personal information, carries a price tag. Whether on your own servers, in the Cloud, or during a migration, your data is like a prize target at a hunt. In the last year alone, almost 43 million individuals have had their personal information stolen during healthcare breaches, much of it ending up on the dark web.
Why would personal information end up on the dark web? Well, that’s easy. You, or at least your data, are a commodity. Hacked credit cards fetch around $20 to $120 on the dark web. Online banking login info is worth about $45, as is a hacked Facebook account. But healthcare records are commanding some of the highest prices in this shadowy underworld: anything from $250 up to around $2,000, depending on the quality of the data. It’s some of the most sought-after data out there.
This has prompted the healthcare industry to migrate its data to increasingly secure locations, predominantly in the Cloud. But the sheer volume of healthcare data is astounding.
Did you know that approximately 30 percent of global data is generated by the healthcare sector? By 2025, global data is expected to reach 175 zettabytes, or 175 trillion gigabytes. Thirty percent of that is a lot of data, and this rapid growth demands increased storage capacity, which in turn necessitates migration to larger storage alternatives, such as the Cloud. Data migrations within the healthcare industry are known to be challenging, with more than their fair share of headaches. We’ll outline a few pitfalls to be aware of and offer a solution to eliminate at least one major source of pain.
Hacker’s Delight
Apart from the usual personally identifiable information (PII) such as the patient’s name, address, email address, phone number, date of birth, Social Security number, and driver’s license number, medical records may also indicate a patient’s race, employer, preferred pharmacy, credit card number, prescriptions, lists of medications, medical devices (many of which provide data to healthcare professionals through hackable apps), details on religious choice, insurance information, and the names and contact information of emergency contacts or next of kin.
Medical records are a hacker’s delight, so airtight security is an absolute must.
We’ve previously covered security issues and we’ve provided links to those articles at the end of this one, so we’re not going to belabor the topic. Our parting thoughts on this issue are two key points: multifactor authentication and encryption. Seriously, they’re a must.
Faster Than Faxing, but . . .
In the United States, healthcare providers are encouraged to adopt electronic health records (EHRs) for patients and health information exchanges (HIEs) to enable doctors to share patient data more easily. If you’ve ever had to forward lab results from your doctor to a specialist, you can appreciate the ease of information exchange when that information is in digital format. But a network that stores tons of medical data — designed to facilitate data-sharing between multiple healthcare providers — is also an Aladdin’s cave for hackers. The burden is on providers to secure their patients’ data and comply with regulatory controls.
In a 2021 CyberMDX-Philips collaborative survey, less than 11 percent of hospital IT execs named cybersecurity as a high-priority investment. Unsurprisingly, 48 percent of those execs also reported a shutdown of their systems due to ransomware attacks within the previous six months.
As more and more medical data is digitized, the incidence of data theft increases proportionately, which means encryption should no longer be optional. It’s become an absolute necessity. As healthcare providers grapple with how to incorporate state-of-the-art technology into their practices (without violating HIPAA — Health Insurance Portability and Accountability Act — or putting patients at risk), one thing has become clear: Encryption is one of the best insurance policies against the growing threat to the security of healthcare data.
What You Should Know About Encryption
We’re not going to deviate from the standpoint that encryption is vital, but there are a couple of factors to bear in mind.
Let’s say the lab in a hospital sends some bloodwork results up to the urgent care unit. Those records are generally protected by the hospital’s IT security and, for providers who are conforming to HIPAA, are encrypted during transit. Great.
Later, however, the patient, who was discharged and is now recovering at home, requests the bloodwork results, and the hospital diligently emails them to the patient.
The minute those records leave the hospital system, those records are generally unencrypted, and the patient’s medical privacy is now in his or her own hands. Not so great.
There is, however, an effective strategy that protects the data, the provider, and the patient, all while maintaining HIPAA compliance. It starts with an understanding of encryption, beyond the mere fact that encryption is the process of translating data into another form — or code — that can only be accessed by someone with a secret key (known as a decryption key) or password.
There are several encryption protocols available on the market today, and while HIPAA doesn’t specify a particular type of encryption that providers must use, it does outline the acceptable parameters for data security, which ultimately comes down to two options that are worth adopting.
The Advanced Encryption Standard (AES-256) provides a series of robust security steps and a complex 256-bit decryption key. It is almost impossible to break with brute-force methods and has been approved, for example, for the handling of confidential data by the US government. It is probably your best encryption option for healthcare data.
Transport Layer Security, also known as TLS, is another protocol that supports secure data transmission over the internet via HTTPS, email, or instant messaging. This protocol uses AES-256, plus additional security measures which result in a secure data transfer.
Why are we mentioning two options? Remember the great and not-so-great scenarios we described above? Well, AES-256 protects digitally stored at-rest data, such as data stored on a server hard drive or SSD, including data sitting on a mobile device such as a tablet or phone.
TLS protects data when in transit, such as when it’s moving between a sender and a destination, including data shared by email, data transmitted to Cloud storage, or data transmitted between central servers and mobile devices.
With that being said, one of the best ways to protect data during transfers between a provider and a patient is to avoid sending the actual data by email. Instead, consider offering the patient a link to a secure site (with user authentication), so that the patient can safely view the information in a secure environment.
This simple step protects the data, the patient, and the provider, all while maintaining HIPAA compliance, and could be considered the best practice for healthcare data security in your organization.
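The link-instead-of-attachment approach described above, as an added example (not code from the original article or from any product it mentions): the email carries only a signed, expiring reference, and the portal releases the record only to the authenticated patient it was issued for. The portal URL, the in-memory key, the opaque record and patient IDs, and the `make_link`/`check_link` names are assumptions for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: in production this key comes from a secrets manager, not process memory.
LINK_KEY = secrets.token_bytes(32)
PORTAL = "https://portal.example.org/results"  # placeholder host

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str, key: bytes) -> str:
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def make_link(record_id, patient_id, ttl=900, now=None, key=LINK_KEY):
    """Build the URL that goes in the email: opaque IDs and an expiry, no health data."""
    expires = int(time.time() if now is None else now) + ttl
    claims = {"rec": record_id, "pat": patient_id, "exp": expires}
    body = _b64(json.dumps(claims).encode())
    return f"{PORTAL}?t={body}.{_sign(body, key)}"

def check_link(url, logged_in_patient, now=None, key=LINK_KEY):
    """Return the record ID if the link is valid for this authenticated user, else None."""
    try:
        body, sig = url.split("?t=", 1)[1].split(".")
        # Constant-time comparison, and verify before parsing the claims.
        if not hmac.compare_digest(sig.encode(), _sign(body, key).encode()):
            return None  # forged or tampered
        claims = json.loads(_unb64(body))
    except (IndexError, ValueError):
        return None  # malformed link
    if (time.time() if now is None else now) > claims["exp"]:
        return None  # expired: the patient requests a fresh link
    if claims["pat"] != logged_in_patient:
        return None  # a forwarded or intercepted link is useless to another account
    return claims["rec"]
```

The portal itself is served over TLS and the record stays encrypted at rest; the link check only decides whether the logged-in user may fetch it.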
Healthcare in the Cloud
Security issues aside, Cloud technology provides healthcare organizations with a host of benefits such as meeting regulatory infrastructure mandates, reducing costs, addressing security and compliance issues such as HIPAA and HITECH, and making overall improvements to business processes that could otherwise drain productivity and resources.
Yet, even as the Cloud gains massive traction across the healthcare industry, an organization’s transition isn’t always seamless.
Capacity and Interoperability
As in most industries, data migration is one of the ways to scale the storage capacity of healthcare data. Existing systems may simply have insufficient space to store the massive amounts of data generated in a modern medical facility. To stay abreast of the ever-increasing storage demands, it becomes essential for hospitals and clinics to migrate either to another system or to the Cloud.
Perhaps in no other industry does the accessibility of data mean more. Life and death decisions are made based on the available data. Would you want a doctor or medical team making a decision of life-changing importance without access to your full medical history? No, us neither.
For most providers, this means moving their patient records and healthcare data to the Cloud, where it can be accessed and updated by the relevant medical professional in real-time, allowing for rapid decision-making based on all the information.
Prescription To Handle That Headache
Earlier, we promised you a solution to one major source of pain. If you’ve ever done a data migration, you know what it can be like, and you no doubt understand why Gartner says that around 83 percent of data migrations fail.
Missing data can be a huge problem and commonly occurs when file links get broken during the migration process itself. It goes without saying that missing data, particularly in the healthcare industry, can have potentially disastrous results.
So, how do you prevent it? Whether you’re preparing for a migration, or you’ve already completed one, the prescription is the same: LinkFixer Advanced.
Used before your migration, this software will ensure healthy, intact file links once your migration is complete, and, therefore, no data loss. If you’ve already got missing data due to broken links, think of LinkFixer Advanced as your dedicated ER team. Save that data, stat!
For more information, visit LinkTek.com or call 727-442-1822 to chat with a friendly Service Consultant about a free demo or a no-credit-card-required free trial. Don’t forget to ask about the third way LinkFixer Advanced could help you.
We’ve published articles on cybersecurity in the context of data migrations before. This article offers defensive tips, this article outlines 16 steps to increase cybersecurity, this article helps CIOs and IT managers adopt heightened digital defenses, this one offers anti-ransomware tips, and this one illustrates how easily a breach can occur, and offers a battle plan for defensive action.