Health Care IT Security: From Bad to Worse, but Maybe Better

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
Slide Show

The State of Health Care Security

Study finds that there hasn't been much progress in health care security over the last year.

Most folks involved IT in health care organizations would generally agree that security is important; it just seems to be getting harder to build a consensus about whether it's getting better or not.


A new survey of 72 health care organizations, conducted by the Ponemon Institute on behalf of ID Experts, a provider of data breach prevention software, makes it pretty clear that the number of security incidents has increased. But Larry Ponemon, president of the Ponemon Institute, says it's not all certain if this is because the actual number of attacks is increasing or whether greater awareness is encouraging health care organizations to discover and report IT security incidents.

What is for certain is that the value of health care records is increasing. Because of the rise in identity theft, Ponemon says health care records that are rich in personal information have become a primary target for criminals trying to create fake identifications that contain a lot of detailed information about a person. In addition, a general rise in fraudulent activities associated with medical services makes this kind of personal information even more valuable.

ID Experts President Richard Kam says all these issues are creating an increased need for single sign-on solutions for health care applications that help limit which employees get access to what information in a health care system and in a way that can also be audited. In fact, the majority of the health care organizations surveyed said that the shift towards electronic health care records (EHR) has actually served to increase security.

However, one danger that health care organizations need to avoid is putting policies in place that are so draconian that all they wind up doing is driving bad processes further underground in the organization.

In the meantime, the survey shows that budget, training and risk assessment continue to be major challenges when it comes to health care IT, which may account for why half of the survey respondents have little to no confidence in their ability to detect security incidents.

That may not inspire a lot of confidence in health care security overall, which, of course, is why some people in Washington are now calling for regulation of health care IT. But when you consider that the first step towards solving a problem is recognizing that it exists, maybe some progress is actually being made after all.