Promoting Better Health Care Security

Sue Marquette Poremba

As it looks like health care issues are going to be in the news again, I thought this would be a good time to discuss what's happening with health care security. A recent Ponemon survey shows that security breaches continue to be a major problem for the health care industry, with the breaches costing hospitals $12 billion over the past two years.


I was able to do an e-mail interview with Jack Hembrough, CEO of VaporStream, on the topic, and I asked him what the health care industry needs to do to promote better security. His answer:

To promote better security within healthcare organizations, a uniform system for secure messaging needs to be established in conjunction with strictly enforced corporate policies. As more health systems make the transition to electronic health records (EHR), the need to have security measures around the sharing of patient records and who can access them is crucial. Additionally, personal mobile devices, such as tablets and smartphones, are proliferating and permeating the professional arena. As in all businesses, healthcare organizations need to implement corporate policies surrounding personal mobile device use and have a response plan in place should a device be lost or stolen. Access to the EHRs and personally identifiable information (PII) from personal mobile devices should be restricted to specific employees who have been given individual sign-in credentials.
Over the next few years, the ability to protect patients' PII will be a great distinguisher between the various health systems. In order to ensure the security of EMRs and PII, health systems need to adapt to the new and emerging technologies, implementing and enforcing strategic response initiatives and corporate policies.

One of the major issues is the lack of compliance with regulations now in place. Hembrough told me the problem isn't that the health care industry doesn't want to follow regulations, but that technology is moving so fast that it is difficult for organizations to keep up. He said:

Medical professionals, for example, use mobile devices to communicate. Email and texting allow real time, valuable information exchanges among practitioners. However, using mobile devices isn't always compliant. For example, having a charge nurse send test results to a doctor's mobile email account, so she can provide proper medical care to a patient, even when off site, is a potential HIPAA violation. The doctor is trying to do the best job she can, using the tools she uses every day, but sharing patient data over a smartphone is non-compliant unless approved, secure software is used.
Technology exists to allow the delivery of private patient information to the doctor while ensuring compliance, data confidentiality and security. However, these confidential messaging solutions are not yet widely implemented and mobile email is.

Jan 11, 2011 1:59 AM Dan Berger says:

We agree - EHR has the potential to transform the healthcare system but without proper security controls regarding access control and secure transmission to protect patient privacy, health organizations might not only be financially penalized but could face patient backlash. We want high user adoption and customer satisfaction. Get the security basics in place. Utilize objective, third-party assessment firms. There are a number of good ones around including Redspin.

Jan 6, 2012 7:45 AM Malinda Hartwig says:

Health care issues are always in the news; it's almost driving me crazy. Since I got my masters in health administration degree I have the feeling that all people talk about is the health care system (which by the way is not great, of course, but way better than it used to be). Also, security is a major problem for all industries but when it comes to health care I think people see it as an even more important one.

Jan 7, 2012 2:52 AM Ariana Robles says:

I work at one of the major Suboxone treatment hospitals in California and there are a lot of patients who come there in order to cure their alcohol or drug addiction. We know better than everyone how important security measures are in the healthcare system. From this point of view I can tell you that we have some strict rules about this. Every doctor keeps his patients' medical files on his computer and every file is secured with a password known only by him and his assistant. It is very important to keep patients' medical files secure as they have the right to confidentiality.

