I’m going to start off by being completely honest: The risk for healthcare organizations isn’t getting any better. In fact, we’re now more than five years into the HITECH and Affordable Care Acts, and the risks are greater than ever.
Some 94 percent of healthcare organizations reported being victimized by a cyberattack, according to the Ponemon Institute. And with the mandate to digitize all healthcare records, the emergence of HealthCare.gov and a mass of electronic protected health information being exchanged online, even more attack surfaces are being exposed. All of these threats can affect the availability of healthcare data and applications.
Experts suggest that data breaches could cost the healthcare industry some $6 billion per year, with an average cost per data breach estimated to be $2.1 million. In an era of shrinking resources, these numbers should matter. In order to protect the future of the healthcare industry and patient information, regulations calling for significant fines for breaches and lost data exist, and these fines can have a material impact on budgets and, more importantly, patient confidence in their healthcare provider.
Below I’ve listed four top security priorities healthcare organizations need to take into account in order to secure data, and their patients’ confidence, for the future of healthcare:
- Understand Regulations at Hand
A wave of regulations and initiatives exists to transform the industry: to protect the healthcare industry and patient information, to address increasing healthcare costs, and to improve outcomes. The fines for not complying can have a material impact on budgets and, more importantly, patient confidence in their healthcare provider. HIPAA, HITECH, ACA, ACOs, EMR and PACS are only a part of this wave of regulations, organizations and clinical applications that are driving a transformation in the healthcare industry and in how data is delivered, stored and protected.
- Ensure (secured) Communication between Physicians/Nurses, IT, Management and Other Departments
It’s critical for organizations to have procedures and processes in place that facilitate the efficient delivery of care, improve outcomes while decreasing errors, and do so in a secure setting. All resources that have a role in care delivery, whether they process the patient’s admission, are hands-on with patient care, or are third parties that perform lab tests, need to understand the importance of data security and how it is integrated into the process of delivering care. Weak links in internal and external communication need to be identified, options must be explored, and the impact of those options must be understood so no bottlenecks or unintended consequences emerge. This is not a “one time” effort, but an ongoing initiative with the vocal support of management.
- Encrypt, Encrypt, Encrypt!
Despite the best-intentioned efforts of the industry, there will be breakdowns and breaches in security. The evolving nature of the threat, the value of the data, and the increasing sophistication of the intruder’s tools and efforts make this inevitable. When the breach gets through, the last line of defense is encryption: encoding data so a key is required to read it. If the hacker does not have the key and cannot “read” the data, it has no value, which is why the keys must be stored and protected separately from the data they unlock. The more sophisticated the encryption, the more difficult and expensive it is for the hacker to get the key, and the incentive to breach the data goes down.
- And, Finally, Take a Real Step to Prioritize Security in Healthcare
Regulations calling for significant fines for breaches and lost data exist, and these fines can have a material impact on budgets and, more importantly, patient confidence in their healthcare provider. As I mentioned above, emerging regulations, along with the ability of patients to have greater choice in their healthcare delivery provider, will force the industry to adapt security practices. Security will be a major tenet of the industry’s operating philosophy and of its value proposition to patients. It’s time to move from a reactive approach to data protection and take a real step to prioritizing security in healthcare.
Healthcare IT organizations have unique challenges when it comes to the growing amount of patient data, including the need to protect highly sensitive information and comply with complex regulatory requirements. As with many other industries, healthcare has seen an explosion in the amount of data and increasing healthcare costs. The need to improve outcomes has resulted in a wave of regulations and initiatives to transform the industry--all causing substantial risk to the future of healthcare organizations.