The Data Is Staggering
All told, 96% of the study's 72 respondents had suffered a healthcare data breach in the last year, with lost or stolen computer hardware, third-party errors, and unintentional employee action ranking among the major causes. On average, each health data breach affected more than 2,500 patients and cost an institution more than $2.2 million to rectify. Both represent significant increases over the 2010 study.
Larry Ponemon, Ph.D., chairman and founder of the Ponemon Institute, noted that health information security does not, and in fact may never, rank among the top priorities in an industry focused above all on providing patient care while also addressing financial turmoil and changing business practices.
This is especially true of mobile devices in healthcare. Roughly 80% of respondents are using them, but only about 25% are securing them with technology such as encryption, keypad locks, or anti-virus software. Fewer than half even have policies to govern mobile device use.
The catch, of course, is that mobile health is “almost a fixture of health care,” Ponemon said, pointing to mHealth's ability to improve efficiency and information access while negating the need for paper records. As Ponemon sees it, mobile device security, hitherto progressing less quickly than mobile device functionality, will soon catch up, to the point that smartphones are as secure as (admittedly not ironclad) laptops. As a result, healthcare organizations should not suppress mHealth efforts.
Take a Common Sense Approach
“Organizations can take several steps to improve health information security,” Kam said. Basic tasks include taking an inventory of all PHI and personally identifiable information, developing an incident response plan, and reviewing HIPAA business associate agreements. “Business associates should be involved in all three steps,” Kam added, “as they can help covered entities conduct a HIPAA security risk analysis for PHI in transit and at rest. Plus, this involvement leaves business associates better informed about the safeguards spelled out in their agreements.” “This is a team sport,” he said. “We need better collaboration.”
In addition, Kam said, “Everything with PHI should be encrypted,” to the point that it becomes as routine as washing with antibacterial soap before a medical procedure. This step is especially important for small healthcare practices that lack the resources to implement identity and access management or other security measures.
Overall, the study concluded that organizations have gotten better at detecting and reporting health data breaches but still struggle to prevent them in the first place. Part of this stems from an increasingly aggressive regulatory approach, as exemplified by the Office for Civil Rights' forthcoming random HIPAA compliance audits and calls from Sen. Al Franken (D-Minn.) for even tougher health data breach penalties. Part of this, too, is the nature of health care organizations as “information-rich ecosystems” where “you can't walk in without data flowing all around you,” Ponemon said.
That information is simultaneously necessary for treatment but harmful if revealed–and it points to a need for common sense. “After all,” Ponemon said, “health information privacy and security are important, but they cannot supersede the need to save lives.”
Could Your Network Be in Danger?
Uncover Weaknesses with a Comprehensive Security Assessment Today IT organizations across all industries are faced with navigating a complex set of regulatory, compliance, and business demands. With ever-present security risks, business and technology evolution, and tightening regulations, security compliance can be difficult to achieve and maintain.
Our Security Assessment can provide you with a better understanding of your organization’s current security-focused infrastructure and present recommendations on how to meet the needs and challenges of the network security landscape.
Contact your Account Manager to schedule a Security Assessment today. 1.800.395.8685
CONNECTION
VOLUME 2 • ISSUE 1