• About Us
  • Events
  • Newsletter Sign Up
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
    1. Policy & Value-Based Care

    Mac McMillan’s Words of Warning to Health IT Leaders: Why They Need to be Heeded

    May 7, 2014
    It will be important to move beyond traditional data audit methods in order to meet accelerating threats to PHI in patient care organizations, Mac McMillan told HCI Executive Summit attendees on May 2
    Macmcmillan Smaller
    Macmcmillan Smaller

    Mac McMillan

    “We have to do a better education of insider staff; we also need to pay better attention to monitoring,” Mac McMillan said on the morning of May 2, the final day of the Healthcare Informatics Executive Summit. McMillan, the CEO of the CynergisTek consulting firm, and one of the true luminaries in the area of data security in healthcare, was referring not only to data breaches at patient care organizations in healthcare, but also to the growing wave of medical identity theft. “More than 70 percent of identity theft and fraud in healthcare come from insiders, he pointed out. Further, he noted, “2013 witnessed a 20-percent increase in medical identity theft.” Most importantly, “he said, “traditional audit methods and manual auditing are completely inadequate.”

    Instead, McMillan told the assembled audience at the Mark Hopkins Hotel in San Francisco, “behavior modeling, pattern analysis, and anomaly detection” will be required to stop medical identity theft and fraud in their tracks. And yes, that means that CIOs and other healthcare IT leaders are going to be under even more pressure going forward to develop sophisticated responses to problems that are accelerating rapidly now in healthcare.

    McMillan shared with his audience a story of a recent situation that illuminates some of the challenges that hospitals and medical groups are facing these days. The situation he described is one in which he was personally brought in to help resolve. In that case, the administrators of a hospital were faced with a very strange and perplexing turn of events. Every time a child who had been admitted to the hospital via the emergency department, because of a car accident, he noted, the child’s parents would get solicitation calls from attorneys seeking to represent them. The problem was this: the people at the hospital trying to chase down the evidence in this ongoing case were relying on rules-based controls, such as information being e-mailed out. As it turns out, the perpetrators were viewing the children’s patient records and writing information longhand on a pad of paper to use later.

    What broke the case open was that one of the nurses in the hospital ended up having her 16-year-old daughter involved in a car accident, and was standing at her daughter’s beside when she received an attorney solicitation call—and her daughter hadn’t even been fully processed for inpatient admitting.  “So we took every individual who had touched the record, and we classified them into types, and measured their access to the system over a 30-day period,” McMillan reported. “And we did pattern analysis. Lo and behold, two admitting people were looking at three times the number of records as everyone else.” McMillan and his colleagues worked with the hospital to install hidden cameras, and called in the FBI. And the perpetrators were caught on camera, after 18 months and 1,900 events. The perpetrators, staff members, were charged both with identity theft, and with charges under HIPAA (Health Insurance Portability and Accountability Act) regulations as well. The hospital was not fined.

    “The point” of that story and of so many like it, McMillan said,  “is that a lot of our institutions don’t have that level of monitoring going on in their environment; they can’t tell us what has happened.”

    Mac’s excellent presentation to those assembled at the HCI Executive Summit resonated strongly with attendees, and provoked a robust discussion of some of the challenges facing healthcare IT leaders. Most importantly, as he noted, the threats facing patient care organizations around protected health information (PHI) are accelerating every week now. It is my sincere hope that everyone responsible for protecting PHI will not only focus strongly on these accelerating threats, but will also heed Mac McMillan’s warning, and will move beyond traditional data auditing methods and move into more sophisticated methods, such as behavior modeling, pattern analysis, and anomaly detection, to better protect patient data in an era of greater challenge and threat than ever before in healthcare.

    Continue Reading

    Sponsored Recommendations

    Enhancing Healthcare Through Strategic IT and AI Innovations

    Learn how strategic IT and AI innovations are transforming healthcare - join Tomas Gregorio as he explores practical applications that enhance clinical decision-making, optimize...

    The Intersection of Healthcare Compliance and Security in the Age of Deepfakes

    As healthcare regulations struggle to keep up with rapid advancements in AI-driven threats like deepfakes, the security gaps have never been more concerning.

    Increasing Healthcare Security Behind and Beyond the Firewall

    Read how 5 identity security solutions can help you protect against these threats while improving user experience and reducing costs.

    Improve and Secure Healthcare Delivery with Digital Identity

    Get a deep understanding of how Digital Identity can help secure your healthcare organization while offering seamless access to your growing portfolio of apps and APIs.