Remember the thick folder with your medical records tucked inside?
Well, we are not going back to paper. Those days are over. These days, medical records are stored on servers.
“The federal government has several times throughout the year created incentives for provider organizations to adopt the electronic health records,” said Dr. Geoff Nicholson Jr., the vice president and chief medical officer for WellSpan Health.
Facilities are taking advantage of the offer. A widely used software vendor is cloud-based Epic, which powers the MyChart app.
“You have access like never before to your information. You can message your providers, you can schedule an appointment, and you can look at your test results,” Dr. Salim Saiyed, of UPMC Pinnacle, said.
Epic clients like UPMC Pinnacle, Penn Medicine Lancaster General Health, and WellSpan Health can share your information within the Epic system.
How is your information stored? How can you keep it safe?
Penn Medicine, Wellspan and UPMC Pinnacle use their own servers.
“Here at UPMC Pinnacle, we have several policies and procedures that we routinely update and keep up with new threats and new changes that are coming along in the industry to keep up with everything that is happening to keep us safe,” Saiyed said.
“We pick good products that support the latest technology standards. We put good policy and access protections around them such as WellSpan only gives access on a need-to-know basis,” Nicholson said.
“We apply security standards, processes, and technologies in all areas where risks are present while implementing monitoring and response procedures that limit the impact of cyberattacks,” said Dan Costantino, the chief information security officer for Penn Medicine.
The spokesmen added that they use the latest encryption, scan hard drives, require frequent password changes, and perform internal and external checks.
“That includes phishing emails, fake emails to see how they would respond,” Saiyed said.
“When you are talking health care, there is a large volume of personal data in one spot,” said John Sancenito, a cybersecurity expert and president of INA.
While Sancenito is pleased to hear the health care facilities are taking the protection of data seriously, he cautions no facility is breach-proof and gives patients these tips.
“Use two-factor authentication whenever possible. Make sure when you are going to access your records, make changes to your records, there is a system where they can text you or call you to verify you are who you say you are,” he said.
Sancenito also says to make sure you are using your health care provider’s app. Choose unique passwords, not the same one for various apps.
And don’t post health information on social media. Sharing can invite intrusion.
Nicholson says there are benefits to sharing health information within the system. By having access to real-time data when patients are being treated, it allows them to deliver personal and high-quality care.