The Rhode Island Blood Center must collect 250 pints of volunteer blood every day in order to meet the needs of its community. Although community members are consistently generous, the Center had to find an efficient way for these people to support the cause. The result: More than 3,000 mobile blood drives annually, scattered throughout the community.
These blood drives are positive and interactive events, but as IT Systems Manager at Rhode Island Blood Center, I found myself spending a lot of time hoping we had enough safe guards in place to ensure the security of our mobile data.
In today’s world where data breaches and security challenges are at every turn, there is plenty to worry about. As with any healthcare organization in the USA, Rhode Island Blood Center must work within regulatory guidelines in terms of how we safeguard the patient and other private information we acquire.
With the Rise of AI, What IP Disputes in Healthcare Are Likely to Emerge?
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
Since my team is responsible for the IT and telecommunication equipment around the blood drives (as well as the six Center locations), I was well aware that the typical set-up involved a large number of Center-owned laptops where donor information is stored.
So while most people would arrive at the event and see the positive results of a community coming together, all I could see were dozens of laptops stuffed full of confidential data for which Rhode Island Blood Center was ultimately responsible. And I knew if even one laptop was lost or stolen, confidential donor information could be at risk.
The Risks
All you have to do is Google “Healthcare + data breach” to get a sense of the risks faced by most healthcare organizations. It’s a frightening landscape where an organization can face devastating non-compliance penalties and negative PR, that due to an ever growing social media presence, never seems to go away.
For example, two of the top three data breaches in 2013 involved stolen laptops:
-
• Four laptops stolen containing healthcare and other data affecting 4,000,000+ people
• Two laptops stolen containing healthcare and other data affecting 720,000+ people
• Patient records improperly disposed of by third party vendor, total data affecting 275,00+ people
A Personalized Approach to Medication Nonadherence
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
The third example is important because it reinforces the long arms of HIPPA regulations around data security, although as of currently, those do not extend to blood banks. Although the mistake was made by a separate company from the healthcare organization, the organization is still going to take the hit. This change occurred with the 2013 Final Omnibus Rules Update, where requirements were expanded to include business associates.
So for my reality, this meant that it didn’t matter who dropped the ball. Employee, contractor, volunteer – if it was Rhode Island Blood Center data, I had to ensure we could secure it.
Mobile Healthcare = Data off the Network
Given we are dealing with a largely mobile environment, the ability to track devices and perform security and other commands remotely was imperative. If I couldn’t reach out and touch a device as needed, then I couldn’t do my job.
Ultimately we selected Absolute Computrace because it satisfied our need to maintain a connection with each device and because we were able to accurately track devices on or off our network – a necessity for our mobile environments.
The biggest selling feature was the persistence technology. It’s a combination of hardware and software that ensures the security software remains installed on a device. And it works. We know because we’ve tested it.
After removing a hard drive from one device and installing it in another, we were amazed when the software agent automatically reinstalled. It’s the closest we’ve seen to a software solution that is indestructible – it was very impressive.
Protecting Healthcare Data Remotely
The ability to connect with a device regardless if it is lost or stolen allows us to invoke remote security commands so we can properly protect the data that is stored on these laptops.
Since we began protecting our devices with this technology, we’ve deleted data from, and frozen six devices. Four of these were stolen from Center locations. But because we were able to execute data delete commands immediately, none of our confidential data was compromised.
Given the trend of mobility through all areas of healthcare, coupled with the tightening of regulations – it’s extremely reassuring to know that Rhode Island Blood Center devices and data are secure. While supporting important community events like our blood drives, we are still able to protect our patients, donors, and the organization. It’s a great feeling.
