It’s not surprising that hackers and data thieves are attracted to large, successful health-care systems. Hospitals and other health-care facilities are entrusted with enormous amounts of personal information about patients.
At Avera Health, much of the responsibility for protecting millions of electronic records from attack falls to James Burkett Jr., vice president of information technology services. It’s a big job.
Avera is one of the leading health-care providers in the multistate region. The Sioux Falls-based organizations is comprised of more than 300 facilities, including hospitals, clinics, residential care facilities and medical equipment outlets, in South Dakota, North Dakota, Nebraska, Minnesota, and Iowa.
Keeping the system’s computer systems working properly and protecting electronic information are two of the primary duties of Burkett and his staff. They take the responsibilities very seriously.
“We feel like we’re taking steps on many, many levels to protect ourselves,” Burkett says. “To my knowledge, we’ve never suffered a hack or a data breach.”
Keeping information secure requires a high level of constant vigilance, however.
SDN Communications of Sioux Falls helps Avera by providing the organization with private communication lines that connect much of Avera’s network. Dedicated, high-speed lines allow for the transmission of sensitive information in a more secure and reliable way than the publicly accessible Internet.
SDN also assists by providing data center space that allows Avera to securely store information in an off-site location. In addition, SDN provides Remote Network Monitoring to help Avera make sure that communications lines function properly at all times.
Avera also uses high-level protective products and services from other companies and has its own security staff. The organization’s medical records have been nearly entirely electronic for the past two years. Regardless of whether electronic information is generated at Avera McKennan Hospital & University Health Center in Sioux Falls or the Rosebud Family Clinic in Gregory, S.D., it is protected with equal vigor, Burkett says.
In most cases, patients themselves probably pose the biggest threat to the security of private medical records, Burkett says. Wittingly or unwittingly, patients might occasionally give someone else access to their electronic records. But even if the information gets in the possession of someone with dishonorable intentions, the thief wouldn’t be able to navigate from the victim’s AveraChart medical record to any else’s information.
Burkett cautions people to be suspicious of anyone who seeks personal information.
“No reputable company will ask for your password,” he says. “No reputable company will ask you to send money to get money.”
People also should be careful to avoid infecting their computers with some kind of virus by clicking on an unfamiliar link or by plugging in a flash drive of unknown origin.
“It’s basically just common sense,” Burkett says.
Avera tests the human front of its security by periodically testing employees. From time to time, for example, a hired service sends emails or makes calls requesting sensitive information to see how employees react.
Implementing two-step authentication is one of the most effective steps Avera has taken to increase the security of information, Burkett says. With two-step authentication, access to an account is protected by more than a username and password. A person trying to gain access to account also needs an object, such as a phone with a secure app, to gain access.
As one of the biggest and most successful health-care providers in the region, Avera works hard keep electronic information secure. SDN is proud of the small, behind-the-scenes roles it plays to help.
