A GUIDE TO HEALTH IT
Healthcare Catching Up With Security Practices
The healthcare industry is no stranger to the need for cybersecurity. As bad actors continue to realize the value of data held in electronic health records (EHR), healthcare organizations are targeted by increasingly sophisticated attacks.
Healthcare organizations are now among those most frequently attacked, according to IBM’s 2016 Cyber Security Intelligence Index. In February 2016, the Department of Health and Human Services (HHS) reported slightly less than 112 million individuals had been affected by protected health information breaches. In 2014, the number was just short of 1.8 million.
In July, HHS sent out a briefing to urge healthcare organizations to reinforce their EHR contingency plans in light of “persistent and evolving threats.” Any disruptions would pose “significant safety risks” to patients.
The healthcare industry is hustling to catch up with these threats. But one advantage the industry has is the Health
Insurance Portability and Accountability Act (HIPAA). For 20 years, this has required protections to govern the privacy of patient information.
When HIPAA was initially enacted, the industry was handling mostly paper records, which are easier to protect. When the healthcare industry initially developed and started using EHRs, that changed how it handled security. The number of different digital platforms and systems used by health organizations only made the task more difficult. The spread of collaborative care, with data exchanged between various systems and devices, also requires extensive security to guard against loss of patient data.
The solutions are out there—including encryption for both data at rest and in motion, and multifactor authentication— but such solutions can be problematic in a healthcare environment, burdening doctors and nurses with extra tasks that might delay or hamper patient care. Ultimately though, there may be no alternative.
SPONSORED REPORT
Success of EHR Depends on Standards
U.S. HEALTHCARE PLANS depend on data and evidence collected primarily from digital patient records,
so Electronic Health Records (EHR) are the cornerstone. The future of EHRs and healthcare delivery depends on how those systems will connect with and share data between themselves and other systems.
Precisely how and when that interoperability will happen is a big question. Despite years of discussion and debates between doctors, providers, government agencies and other industry organizations, there are still doubts about interoperability plans and how long those will take to be finalized.
In 2014, the Office of the National Coordinator for Health Information Technology (ONC) set 2024 as the year “individuals, care providers, communities, and researchers should have an array of interoperable health IT products and services (and) individuals should be able to securely share electronic health information with care providers, and make use of the information to support their own health and wellness.”
Congress is even more bullish. In passing the Medicare Access and CHIP Reauthorization Act (MACRA) last year, it made it “a national objective” for EHRs to be interoperable by the end of 2018. There isn’t a lot of confidence in those deadlines though.
The underlying problem is there are hundreds of different EHR products and thousands of different implementations. They’re all aimed at fitting the needs of many different health organizations. To achieve true interoperability, EHRs must seamlessly share information and have that information understood by all varieties
of EHR. That means there needs to be data, messaging and other standards established and agreed upon. This has proven difficult, to say the least.
S-45 FCW.COM/2016HealthITGuide S-45