While many healthcare organisations are becoming more aware of the risks posed by cyber threats to their data security, incidents such as hacking attacks are not the only way in which sensitive digital data can be compromised.
One frequently overlooked problem is that of visual data breaches, when confidential information is viewable by people who should not have access. This more low-tech challenge may not grab the headlines in the same way as large-scale cyber breaches, but it is a far more frequent occurrence - and one that providers need to be wary of.
Speaking to Modern Medicine, Florida-based independent internal medicine practitioner Dr Luci Belnick said it is all too easy for lapses to occur.
She noted that one of the most challenging times for universities is during admissions periods, when data is constantly being received and created. To cope with this, organisations must therefore have processes in place that can continually monitor incoming data for new records that must be protected. Once this data has been identified, it needs to be appropriately classified to ensure only authorised personnel have access.
"When you bring the next patient into your exam room, once in a while, you might have left the last guy's note open" on the monitor, she stated. "I try not to, but once in a while it happens."
Other problems can be caused when doctors are working on patient records in public places such as busses, trains or planes. Dr Belnick said when she does this, she protects data by using a magazine to block data from view - but this is not exactly a foolproof method of ensuring security.
Modern Medicine therefore offered several tips for minimising the risk of visual hacking. These include ensuring that any monitors that can display patient health information has an automatic shutoff feature that will kick in after a period of inactivity.
Staff also need to be effectively trained to ensure that anyone requesting access to records is entitled to it. In many cases, data can be compromised because employees are too trusting and do not question people who claim to be from the IT department, for instance.
Organisations should also schedule regular walk-throughs to ensure that procedures are being followed, the publication added.