HIT Keeps Healthcare Safe From Hackers, HIPAA Fines

by Matthew Stern | Nov 11, 2015

ThinkstockPhotos-484873654Editorial Update: CompTIA retired its Healthcare IT exam in 2017. CompTIA A+ can help health care professionals gain the IT skills they need to protect patient data.

A hospital administrator receives an email that appears to come from an old friend, clicks a link purporting to contain pictures of a recent family vacation and unintentionally releases malware onto the hospital’s network, delivering a massive amount of personal patient data into the hands of hackers. A doctor uses her personal laptop to access a hospital’s electronic health record (EHR) system to review a patient record, not realizing that the computer is infected with a virus, letting a hacker in through the EHR’s front door. An IT department on-boards a new system and does not take the proper security procedures, leaving ports vulnerable. Months later, these healthcare providers are on the news – the latest victims in a string of hacks targeting healthcare providers nationwide.

Scenarios like these are chilling to healthcare professionals in a world in which industry trends have driven more and more healthcare-related data online and hackers have realized that protected health information (PHI) can be more valuable than credit card information for purposes ranging from identity theft to blackmail. The sheer amount of data taken is staggering. The data breach of insurer Anthem, for instance, revealed in February 2015, is thought to have compromised the personal information of around 78.8 million people according to ABC News. The fallout for the patients remains to be seen.

Frank Evans, network director of IT for AllianceHealth Deaconess, indicated that the scale of such a hack is not surprising, given what is at stake.

“Having PHI on one person is valuable, but having the PHI on hundreds or thousands of people is worth millions of dollars,” Evans said.

And when it comes to compromised healthcare data, patients are not the only one ones who have to worry about the cost.

Tech Times reports that according to an Accenture study, the healthcare industry stands to lose a total of $305 billion in the next five years due to cyber-attacks. The stiff regulatory penalties placed on providers involved in data breaches are an expensive add-on to the cost of a breach itself.

In the event of a data breach, healthcare providers are often held responsible for the compromised healthcare data. The Health Insurance Portability and Accountability Act (HIPAA) and its 2009 addition, the Health Information Technology for Economic and Clinical Health Act (HITECH) are initiatives that govern the privacy of patient data. The penalties that that they impose on healthcare providers implicated in compromising PHI can be massive – and, for smaller clinics, debilitating.

Depending upon the level of negligence, degree of intent and severity of the breach, penalties can exceed $1 million. One need look no further than the U.S. Department of Health & Human Services website for an update on legal cases pertaining to HIPAA violations and the penalties imposed because of them.

But there is hope amid the hacks and fines.

“We read of these incidents all the time,” Evans said. “Training techs on all the ins and outs of watching over and protecting PHI at every point is a great way to help protect your company. HIPAA security rests completely on the IT department.”

CompTIA’s Healthcare IT Technician (HIT) certification takes this industry wisdom as its starting point. The certification allows those IT professionals uninitiated in the world of HIPAA to get a head start on the full scope of the policies and procedures that IT professionals must manage to keep a healthcare enterprise safe and compliant. HIT offers an advantage for both for healthcare providers looking to bring in knowledgeable IT talent and IT professionals hoping to get a foot in the door in one of the nation’s most booming industries.

Teaching Healthcare Vocabulary to the Tech-Savvy Pro

Healthcare IT is a growth industry. But given the high cost of compliance mistakes and the in-depth training required to make sure a helpdesk professional can handle HIPAA, it is easy to understand why previous experience in healthcare is important to a hospital’s HR department. Plenty of IT professionals coming from other, less regulated industries, however, are hungry to get into the healthcare job market. For them, HIT can be a differentiator. 

Patrick Lane, senior manager of product management at CompTIA, explained how HIT helps job searchers get ahead on the healthcare learning curve. 

“One of the reasons we created HIT is so that people who didn’t have healthcare experience could get up to pace quickly,” Lane said. “If somebody is an IT professional and they want to go into the healthcare world, they can take this. Most of the [healthcare] jobs are related to helpdesk and support which makes it a very good combination with Network+, A+ and Security+. It’s a great add-on to the big three.”

HIT certification, he said, gets an already tech-minded IT professional thinking seriously about everything from appropriate encryption for hospital workflows to the placement of Ethernet ports with respect to public foot traffic.

Evans confirmed that from the perspective of a hospital IT department, the HIT certification offers remarkable value.

“Having the HIT certification gives a hiring manager confidence you are trained, knowledgeable and skilled when you step in the job on the first day,” Evans said. “We all know how much time it takes to train a tech who is new to the medical field. It is more than just knowing how to do IT. So much more. The ability to hire someone who already knows the dangers and things to watch for saves time in training and gives IT leadership a leg to stand on.”

HIT: Growing Alongside the Healthcare Industry

As new technologies, security threats and regulations continue to shape the healthcare landscape, HIT is changing with it – HIT is already on its way to being updated for fall 2016.

“HIPAA is constantly changing and evolving,” Evans said. “There are new rules, new guidelines everything year. I don’t believe there will be any slowing down of these changes. The HIT certification is going to keep up with these changes so it is a win-win for the hiring IT manager.”

Matthew Stern is a freelance writer based in Chicago who covers information technology, retail and other topics and industries.

Leave a Comment

Boost your Career with a Certification

Find out more about our Certifications

How to get Certified

4 Steps to Certification

Already certified? Let us and others know!

Share Your Story