• About Us
  • Events
  • Spotlight Series
  • Webinars
  • WhitePapers
  • Videos
  • Podcasts
  • Innovators
    1. Cybersecurity
    2. Privacy/Security

    Protecting Patient Health Information

    Nov. 9, 2011
    I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

    I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

    Jim Elert, CIO of shred services of Trinity Health, Novi, Mich., says that healthcare security is much more than a matter of passwords and firewalls. When building a security program, it’s necessary to take a comprehensive view that takes into account governance, policies, and education, so that people who use the system understand it.

    Jennings Aske, chief information security officer at Boston-based Partners Healthcare, takes a similar view. He cautions that healthcare organizations should not view data security as a regulatory driven matter, but one that is intrinsic to an organization’s business objectives. “You should be doing security because it is the right thing to do, not because the law says you have to do it,” he says.

    Both experts say they have existing standards from the International Organization of Standards (ISO) and the National Institute of Standards and Technology (NIST) have provided guidance in putting together their security policies.

    I think they make a good point. At a time when a proliferation of new regulations and technological devices are putting extra demands on hospital IS departments, it makes sense to rely on existing standards to ensure compliance. In a fast changing environment, NIST and ISO standards can at least help healthcare organizations in the right direction with regards to putting controls in place to protect their patient’s data.

    More on the challenges on protecting patient data will appear in the October issue.
     

    Continue Reading

    Sponsored Recommendations

    Admit it, your EHR can’t do everything: Strategies for efficiency and better consumer experiences

    Discover strategies to overcome EHR limitations and boost efficiency in your practice. Join industry leaders as they explore how a unified care enablement model can streamline...

    Driving top quality performance through data-driven actionable insights.

    Join us to explore how data-driven insights are transforming healthcare. Learn how leveraging big data and analytics can enhance patient care, optimize workflows, and drive top...

    CMS Interoperability and Prior Authorization Final Rule: What no one is thinking about but should be

    Join our panel as we explore the overlooked challenges of the CMS Interoperability and Prior Authorization Final Rule. Discover key implications for payers and providers, and ...

    The Race to Replace POTS Lines: Keeping Your People and Facilities Safe

    Don't wait until it's too late—join our webinar to learn how healthcare organizations are racing to replace obsolete POTS lines, ensuring compliance, reducing liability, and maintaining...