A Health Care Accident Waiting to Happen

Michael Vizard
Slide Show

Patient Records: A Crisis Waiting to Happen

Not only are breaches continuing to happen on a regular basis, they are costing about $2 million each.

Despite all the concerns about data breaches, privacy and electronic health care, it looks like a major security breach is still just waiting to happen in the health care sector.


A new study of 65 health care organizations from The Ponemon Institute that was commissioned by ID Experts, a provider of data security software, finds that while most organizations have yet to suffer what could be called a major breach, the frequency of breaches suggest that one is probably imminent.


When it comes to securing health records, ID Experts president Rick Kam says most organizations still don't have the budgets and processes in place needed to secure health care records. In fact, the survey finds that the confidence that IT executives have concerning their ability to secure those records is shaky at best.


The study finds that part of that lack of confidence stems from the simple fact that not many people have been specifically allocated to secure these records. The end result is that it's unclear who is actually responsible for securing health care records. Nevertheless, the health care organizations surveyed are on average absorbing $2 million in costs every two years. Worse yet, 70 percent said that securing patient data was not a high priority. As a result, only 16 percent said they have dedicated security technologies in place to protect patient data.


Kam says he also doubts that health care organizations fully appreciate the financial impact of a breach. Beyond the simple cost of informing patients that their records may have been compromised, each successive breach generally results in lost business as more patients go looking for health care providers that can truly secure their information. And while the rise of electronic health care records creates an opportunity to manage data more securely, it also creates a central repository that is easier to target. So unless steps are taken to secure those electronic records, they could wind up actually exacerbating the problem by making it easier for cyber criminals to target health care organizations.


Whether it's going to take a major security breach to get senior managers at health care organizations to focus on this issue is still really anybody's guess. But for the moment, it looks like health care providers are not paying as much attention to security as they should, which leads Kam to conclude that it's only a matter of time before something goes terribly wrong.



Add Comment      Leave a comment on this blog post
Nov 18, 2010 2:36 AM Arnon Rosenthal Arnon Rosenthal  says:

Re: " it looks like health care providers are not paying as much attention to security as they should, which leads Kam to conclude that it's only a matter of time before something goes terribly wrong." 

  I too expect breaches, but would suggest that "too few people looking at the problem" isn't the main cause.  Put simply, we don't have the technology to prevent breaches, in any arena --as evidenced by breaches in very security conscious areas such as credit card processing.

   Many breaches seem also to come from poor practices -- which again will not be cured by more security personnel.    Rather than more posters and emails (from more security personnel) , we need better techniques for motivating and educating our workforce

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data