Defining Health Care IT

Kachina Shaw

After financial services, perhaps nowhere is the risk greater to both provider and client than in health care when a data breach or loss occurs. And it seems that good data protection practices are falling by the wayside in the scramble to digitize, organize and share that data.

The Ponemon Institute just released a report on a survey of IT and health care professionals in 80 organizations that it carried out for ID Experts. Among other findings, Ponemon reports that:

  • 94 percent of hospitals had suffered data breaches
  • 45 percent had suffered more than five breaches
  • Well over 21 million patients have been affected by health care organization breaches
  • Data breaches have cost health care organizations the U.S. $7 billion

Survey respondents said their organizations lack needed controls to prevent or detect medical identity theft (67 percent), and few conduct privacy risk assessments (16 percent). Two-thirds say they lack the budget to minimize these incidents, 73 percent lack other resources to prevent and detect incidents, and only 36 percent have improved programs in response to the threat of audits.

The survey touched on the huge threat from BYOD in health care settings, a finding echoed in other recent research from the Spyglass Consulting Group.

To make matters more complicated, Susan Hall wrote recently about how entrenched hiring practices within health care organizations are preventing some qualified IT professionals from being able to break into this growth area.

The pressure on organizations to control data and the spiraling costs of breaches is creating a training and hiring niche. One approach toward addressing both is a new partnership announced between the non-profit Health Information Trust Alliance (HITRUST) and certification provider ISC2. Now in its early stages, the partnership will tackle in January 2013 the identification of the “major job requirements and subsequently the knowledge and skills needed by a healthcare information protection professional to fulfill these requirements.”

Says Daniel Nutkis, chief executive officer for HITRUST, in the partnership announcement,

“Our experience has shown us that organizations with more knowledgeable security professionals manage information risks better and have more advanced information security programs. Healthcare organizations will benefit from having a simpler method to ensure their information protection professionals have the appropriate skills.”



Add Comment      Leave a comment on this blog post
Dec 17, 2012 12:25 PM Baker Hudges Baker Hudges  says:
There is need for more efficient data security especially in the health sector where every piece of information matters quite a great deal. It is alarming that almost every hospital suffer data breach in any given year but I strongly believe that this will come down to almost zero in the near future. Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date