© Copyright AAMI 2014. Single user license only. Copying, networking, and distribution prohibited.
Frontlines
Risky Business I’ve been in hospitals—both as a patient and as a visitor— too many times to count. Looking back, I can see that each time I was there, especially since the advent of the camera phone, I have had opportunities to exploit the privacy of patients who were there trying to regain their health. One click with the iPhone and one upload to Facebook. One Twitter rant. One e-mail. I’m just one (nosey) person, but my impact could have been serious. Unfortunately, this issue with patient privacy is much more dangerous and complex—with far greater implications for healthcare facilities and even patient safety. Privacy breaches in healthcare settings aren’t uncommon. The risks remain high. Reports of infringements are on the rise. In fact, 804 have been reported to the U.S. Department of Health and Human Services since 2009. In 2013 alone, almost 7.1 million patient health records were breached—just one of those incidents involved more than 4 million patient records, according to our cover story on page 166. Hospitals are vulnerable to outside forces that work relentlessly to gain access to patients’ private data, whether it’s curious visitors or staff, or thieves or hackers who seek patient names, birthdates, and Social Security numbers, as well as other sensitive information. Clinical engineers and biomedical equipment technicians have a crucial role to play safeguarding patient data on medical devices. The leaders in the field are in the know about threats on the horizon and about how they can help to secure a hospital’s network. Our cover story examines that, as well as offering practical tips to prepare for, mitigate, or prevent a privacy breach. In closing, let me properly introduce myself. I’m a born journalist. Most recently, I was the editor of a monthly magazine for cataract and refractive surgeons. I’m excited to learn more about the healthcare technology management field, and I want to hear your ideas. Drop me a line at [email protected], or call me directly at 703-253-8293. I promise not to sell your information to the highest bidder. n
Senior Director of Communications Sean Loughlin
Rick Hampton Partners Healthcare System Boston, MA
Managing Editor Jena Passut
Gregory L. Herr The Christ Hospital Cincinnati, OH
Editorial Board Chair W. Glenn Scales, CBET Durham, NC
Larry W. Hertzler, BS, MBA, PE, CCE ARAMARK Healthcare Charlotte, NC
Publisher Allen Press Publishing Services Advertising Manager Jane Richardson Graphic Designer Kristin Blair Copy Editors Barbara Saxton Joseph Sheffer Editorial Board Pat Baird Baxter Healthcare Corporation Round Lake, IL Matthew F. Baretich, CCE, PhD, PE Baretich Engineering Inc. Fort Collins, CO Michael J. Capuano, CBET, CCE Hamilton Health Sciences Corporation Hamilton, ON, Canada J. Tobey Clark, CCE University of Vermont Technical Service Program Burlington, VT Ted Cohen, MS, CCE University of California Davis Health System Clinical Engineering Department Sacramento, CA Robert E. Dondelinger, CBET-E U.S. Military Entrance Processing Command North Chicago, IL Larry Fennigkoh, PhD, PE, CCE Milwaukee School of Engineering Milwaukee, WI David E. Francoeur, CBET Crothall Healthcare Coppoll, TX Russell Furst Lakeland Regional Health System Biomedical Engineering St. Joseph, MI John Gagliardi MidWest Process Innovation, LLC Maineville, OH
Jena Passut Managing Editor [email protected]
154
Biomedical Instrumentation & Technology May/June 2014
Izabella Gieras, MS, MBA, CCE Huntington Memorial Hospital Pasadena, CA Alan Gresch Alpha Source Inc. Milwaukee, WI
Jeff Kabachinski, MCNE, MS-T ARAMARK Healthcare Charlotte, NC Sue Klacik IAHCSMM Canfield, OH Alan Lipschultz, CCE Healthcare Technology Consulting LLC North Bethesda, MD Patrick K. Lynch, CBET MBA CCE Global Medical Imaging (GMI) Charlotte, NC Kenneth E. Maddock, BSEET Baylor Scott and White Health Dallas, TX Royce “Glen” McQuien Crothall Healthcare San Antonio, TX Manny Roman, CRES Salon, OH Rick Schrenker, MS Massachusetts General Hospital Department of Biomedical Engineering Boston, MA Ed Snyder Thomas Jefferson University Hospital Philadelphia, PA Dave Stiles, CBET Long Beach Memorial Medical Center Long Beach, CA
Mention of any commercial product, process or service by trade name, trademark, manufacturer, or otherwise in BI&T does not constitute or imply an endorsement or recommendation by AAMI. The views and opinions of the authors in BI&T do not state or reflect the opinion of AAMI. POSTMASTER: Send address changes to: BI&T, 810 E. 10th Street, P.O. Box 1897, Lawrence, KS 66044-8897. AAMI Members send changes to AAMI; 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633; non-members send changes to Kansas address above.
© Copyright AAMI 2014. Single user license only. Copying, networking, and distribution prohibited.
Does your staff have wildly different knowledge of safety procedures? We’ve solved that.
AAMI University An advanced learning platform to keep medical technology professionals informed and educated on emerging issues and standards.
For more information, go to university.aami.org or call 703-525-4890
Frontlines
Risky Business I’ve been in hospitals—both as a patient and as a visitor— too many times to count. Looking back, I can see that each time I was there, especially since the advent of the camera phone, I have had opportunities to exploit the privacy of patients who were there trying to regain their health. One click with the iPhone and one upload to Facebook. One Twitter rant. One e-mail. I’m just one (nosey) person, but my impact could have been serious. Unfortunately, this issue with patient privacy is much more dangerous and complex—with far greater implications for healthcare facilities and even patient safety. Privacy breaches in healthcare settings aren’t uncommon. The risks remain high. Reports of infringements are on the rise. In fact, 804 have been reported to the U.S. Department of Health and Human Services since 2009. In 2013 alone, almost 7.1 million patient health records were breached—just one of those incidents involved more than 4 million patient records, according to our cover story on page 166. Hospitals are vulnerable to outside forces that work relentlessly to gain access to patients’ private data, whether it’s curious visitors or staff, or thieves or hackers who seek patient names, birthdates, and Social Security numbers, as well as other sensitive information. Clinical engineers and biomedical equipment technicians have a crucial role to play safeguarding patient data on medical devices. The leaders in the field are in the know about threats on the horizon and about how they can help to secure a hospital’s network. Our cover story examines that, as well as offering practical tips to prepare for, mitigate, or prevent a privacy breach. In closing, let me properly introduce myself. I’m a born journalist. Most recently, I was the editor of a monthly magazine for cataract and refractive surgeons. I’m excited to learn more about the healthcare technology management field, and I want to hear your ideas. Drop me a line at [email protected], or call me directly at 703-253-8293. I promise not to sell your information to the highest bidder. n
Senior Director of Communications Sean Loughlin
Rick Hampton Partners Healthcare System Boston, MA
Managing Editor Jena Passut
Gregory L. Herr The Christ Hospital Cincinnati, OH
Editorial Board Chair W. Glenn Scales, CBET Durham, NC
Larry W. Hertzler, BS, MBA, PE, CCE ARAMARK Healthcare Charlotte, NC
Publisher Allen Press Publishing Services Advertising Manager Jane Richardson Graphic Designer Kristin Blair Copy Editors Barbara Saxton Joseph Sheffer Editorial Board Pat Baird Baxter Healthcare Corporation Round Lake, IL Matthew F. Baretich, CCE, PhD, PE Baretich Engineering Inc. Fort Collins, CO Michael J. Capuano, CBET, CCE Hamilton Health Sciences Corporation Hamilton, ON, Canada J. Tobey Clark, CCE University of Vermont Technical Service Program Burlington, VT Ted Cohen, MS, CCE University of California Davis Health System Clinical Engineering Department Sacramento, CA Robert E. Dondelinger, CBET-E U.S. Military Entrance Processing Command North Chicago, IL Larry Fennigkoh, PhD, PE, CCE Milwaukee School of Engineering Milwaukee, WI David E. Francoeur, CBET Crothall Healthcare Coppoll, TX Russell Furst Lakeland Regional Health System Biomedical Engineering St. Joseph, MI John Gagliardi MidWest Process Innovation, LLC Maineville, OH
Jena Passut Managing Editor [email protected]
154
Biomedical Instrumentation & Technology May/June 2014
Izabella Gieras, MS, MBA, CCE Huntington Memorial Hospital Pasadena, CA Alan Gresch Alpha Source Inc. Milwaukee, WI
Jeff Kabachinski, MCNE, MS-T ARAMARK Healthcare Charlotte, NC Sue Klacik IAHCSMM Canfield, OH Alan Lipschultz, CCE Healthcare Technology Consulting LLC North Bethesda, MD Patrick K. Lynch, CBET MBA CCE Global Medical Imaging (GMI) Charlotte, NC Kenneth E. Maddock, BSEET Baylor Scott and White Health Dallas, TX Royce “Glen” McQuien Crothall Healthcare San Antonio, TX Manny Roman, CRES Salon, OH Rick Schrenker, MS Massachusetts General Hospital Department of Biomedical Engineering Boston, MA Ed Snyder Thomas Jefferson University Hospital Philadelphia, PA Dave Stiles, CBET Long Beach Memorial Medical Center Long Beach, CA
Mention of any commercial product, process or service by trade name, trademark, manufacturer, or otherwise in BI&T does not constitute or imply an endorsement or recommendation by AAMI. The views and opinions of the authors in BI&T do not state or reflect the opinion of AAMI. POSTMASTER: Send address changes to: BI&T, 810 E. 10th Street, P.O. Box 1897, Lawrence, KS 66044-8897. AAMI Members send changes to AAMI; 4301 N. Fairfax Drive, Suite 301, Arlington, VA 22203-1633; non-members send changes to Kansas address above.
© Copyright AAMI 2014. Single user license only. Copying, networking, and distribution prohibited.
Does your staff have wildly different knowledge of safety procedures? We’ve solved that.
AAMI University An advanced learning platform to keep medical technology professionals informed and educated on emerging issues and standards.
For more information, go to university.aami.org or call 703-525-4890
