A Healthcare Minute: Protecting Systems and Patient Data [Video]


Editor’s Note: The following article was recently published on ITN website and is reprinted here with permission.


Healthcare depends on patient trust — trust in the physician, in the system, in the privacy they provide. Security breaches of the IT systems that hold patient data can undermine that trust. Will patients who do not trust the integrity of health IT spill over to providers, leading some to go to other providers? Will those who remain hesitate or refuse to disclose details that physicians and nurses need to manage their healthcare?

In early 2017, hackers successfully cyberattacked Emory Healthcare in Georgia, exposing the data of at least 79,000 patients. Theirs were among more than 325,000 patient records hacked in just the first two months of 2017, according to the U.S. Department of Health and Human Services Office for Civil Rights.

Stopping cyberattacks is critically important not only for the continuation of provider-patient relationships but to prevent loss of revenue and federal penalties. Since the Health Insurance Portability and Accountability Act of 1996 was enacted, the federal government (as of February 28, 2017) has investigated and resolved 24,879 cases that allegedly violated HIPAA rules. Of these, 47 cases have been settled for a total of $67,210,982.

Cyber attackers were responsible for 31% of the major HIPAA data breaches reported in 2016, according to TrapX Security. Last year 93 major cyberattacks were successfully launched against healthcare organizations, according to TrapX. Among the most substantial were Banner Health (3.6 million records), 21st Century Oncology (2.2 million), and Valley Anesthesiology Consultants (880,000).

A leading type involves ransomware — malware that typically encrypts data, which the attacker promises to decrypt if a ransom is paid. The Emory assault was a variation. Cybercriminals removed the appointments database and demanded ransom to restore it.  Emory did not publicly disclose in news articles about the breach whether it paid the ransom.

Other types of attacks may pilfer patient data for sale on the black market. Patient records include loads of valuable information including social security numbers and insurance information.

Keeping these data secure means understanding your IT systems — how they function and what their patterns of operation look like. When patterns change, trouble may be afoot.


The goal is to make the best use of IT, one that optimizes the delivery of effective patient care. When consolidating several PACS, for example, the most direct way is to offer a comprehensive radiology PACS that allows collaboration between the clinician and the radiologist who can view images at the same time. Ideally such a PACS would bring together data from multiple sources as in the case of several EMR systems, each of which may have created separate patient identities. The same goes for workflow, bringing together the different ways the different specialties work.

Consolidating PACS may involve the expansion of a system to take the place of others, for example, expanding a radiology PACS to takeover for the mini-PACS dedicated to pediatric cases (a legacy system tucked away under a radiologist’s desk). Such expansion would require data migration, just as increasing efficiency to handle the increased data load may require upgrading the PACS.

So-called “single-stack” solutions are the easiest to deploy, for example, a single EMR system that handles the records of all patients in an enterprise, one that integrates data and function.

The opportunity to do so, however, seldom exists after healthcare systems consolidate. But there are ways to bring data together by implementing a centralized system.

In radiology the PACS provides the core diagnostic capability to radiologists. The Conserus™ platform extends this capability by adding tools that provide the ability to do a peer review of critical results, as well as to orchestrate and augment workflow. Conserus workflow orchestration tool is a rules-based engine that monitors and orchestrates different workflows throughout the enterprise.

Unifying data flow is Imaging Fellow, which connects data from multiple sources that may exist throughout the enterprise. It extracts specific bits of information, consolidates and aggregates them; then presents them to the radiologist in a way that is easy to understand and use.

Contact Change Healthcare today or if you’re at HIMSS, drop by the Change Healthcare Booth 4202 to learn more about our business continuity and disaster recovery services.


One Response to “A Healthcare Minute: Protecting Systems and Patient Data [Video]”

  1. Neha says:

    Thank you for the solution on how to protect the patient data. This will help the Healthcare industry for being trustworthy of the patient.

Leave a Reply