5 Common Medical Data Security Mistakes (and How to Correct Them)

According to a study by the Ponemon Institute, medical data is very valuable on the black market. Unlike credit card information, a medical record has more personal data. This includes physical markers and medical history. As a result, hackers are now targeting healthcare databases. To protect itself, the healthcare industry must improve its data security. One way of doing this is by avoiding the following 5 common medical data security mistakes. It must also know how to correct them.

1) Focusing on Compliance and Not Security

The Health Insurance Portability and Accountability Act (HIPAA) and Affordable Care Act (ACA) have changed the healthcare industry. They have forced it to adopt IT by requiring health care practices to comply with their regulations. According to Bradley University’s Department of Nursing, compliance alone is not enough to ensure security. Many security breaches still plague HIPAA-compliant databases. To address the problem, security must also be made a priority.

2) Not Dealing With Bring Your Own Device (BYOD) Insecurity

Doctors and other healthcare workers bring their own mobile devices to work. They use them to text and email patients as well as each other. Of concern to data security experts is the lack of encryption on these devices. When they get lost or stolen, the medical data they contain is put at risk.

3) Not Investing Enough in Security

According to CNBC, most industries dedicate as much as 20% of their budget to data security. It adds that in healthcare organizations, this figure drops to 14%. And the reason is simple. Health care organizations run tight budgets with little money left over for security. But considering what is at stake, the health IT industry must invest more in this critical area.

4) Security is Not a Priority

Users pose the greatest threat to data security. How they use their laptops and mobile devices can expose an entire system to viruses, hackers, and malware. Unfortunately, health workers view IT security as the responsibility of the IT department, not theirs. And because of this attitude, they continue to compromise the security of the data they handle.

5) IT Systems are Either Too Simple or Too Complex

IT systems must balance ease of use and security, but most of them fall on one side or the other. They either focus on usability and are too simple and open to misuse, or they focus too much on security and are unusable. If users cannot understand how to use a system, they will eventually make critical mistakes. Thus, IT systems must always strike a balance. They must be easy to use yet secure.

5 Ways of Correcting Medical Data Security Mistakes

While security breaches are rampant in the medical field, there are some things that every organization can do to prevent security issues within their network. Here are a few of them:

1) Implementing Risk-Management Procedures

Although HIPAA compliance is important, it is only part of the solution. The rest lies in having a comprehensive risk-management policy that includes measures such as behavioral analytics, which help identify threats before they become a problem.

2) Using Two-Factor Authentication

Two-factor authentication is a good answer to data insecurity. Secure logins can involve using combinations of passwords and fingerprint, iris, or badge scans. But in healthcare, fingerprint scans are impractical because health workers sometimes wear gloves in sanitary environments.

3) Using Encryption

Encryption protects sensitive data in the event of an attempted hack. The data on a stolen or lost mobile device also remains secure if encrypted.

4) Implementing EMM (Enterprise Mobility Management) Systems

EMM systems help secure all mobile devices that access a specific network. A good example is BlackBerry BES12. Health organizations use it to maintain data security regardless of the device used to access their network.

5) Educating Employees

An organization must build a security culture by educating employees on security. With that knowledge, they will view security as a personal responsibility.


Securing health data has become a priority today, as more hackers target the health sector owing to the value of medical data on the black market. But security is not difficult to achieve. An organization must avoid the five mistakes listed above and apply the five recommendations that follow them.