Protecting the data in electronic health records did not start with the advent of HIPAA — the Health Insurance Portability and Accountability Act of 1996 — as many people think. Protecting health records has been a critical requirement in the healthcare space since the computers became a fixture in hospitals. However, HIPAA added public reports of fines issued for covered entities’ failure to properly protect data contained within EHRs.
Many people assume that EHR data has limited value to unauthorized users. (Who cares about my blood test results, or that I just visited my dermatologist?) Understanding their value is quite simple, though. In addition to personal health information, or PHI, EHRs contain Social Security numbers, which never expire — and cybercriminal use of SSNs is not easily detected.
No Expiration Date
Stealing EHRs is better for cybercriminals than stealing credit cards, which can be used only until the card expires, is maxed out or canceled, according to a Trend Micro study released last month.