Perhaps the largest concern regarding the digitalization of patient information is data security. Once it is made available through health information exchanges (HIEs) and databases, information is left considerably more vulnerable. The Ponemon Institute is known for conducting research on the privacy and security of data, research meant to help organizations expand their defensive initiatives. Its Fourth Annual Benchmark Study on Patient Privacy and Data Security, which surveyed healthcare networks, hospitals, and clinics, was released on March 12th, 2014.

The survey showed:

  • The number of organizations with more than five data breaches has decreased.
  • The cost of data breaches decreased by close to $400,000 as compared to the previous year.
  • 70% of organizations believe that insecure websites, databases, etc. are the reason that healthcare reform seems risky.
  • 33% of healthcare organizations are uninterested in joining HIEs due to the potential risk to patient information.
  • 75% of organizations consider employee negligence to be at the root of the problem.
  • There has been a 100% increase in attacks on healthcare information systems since 2010.

Organizations are primarily apprehensive about insecure information exchange across technology. 90% of all healthcare organizations experienced a minimum of one data breach in the last 2 years, and 35% reported more than 5 breaches. Although there has been a decrease in breaches from the previous year (45%), it is still an issue that must be addressed.

A 2013 article by Bill Kleyman on HealthITSecurity.com explains how following a few basic security policies can allay these concerns:

  1. Enforcing policies: Though many security policies are in place, they may not always be strongly enforced. Weak passwords or insecure USB ports can lead to data breaches.
  2. Physical security: Digital security isn’t the only concern. If someone were to steal a backup disk, a data breach would have occurred. Though physical barriers may be expensive, the protection they give patient data makes them a good investment.
  3. Next-generation security: Technology such as firewalls and intrusion detection systems (IDS) could be key to minimizing data breaches.
  4. Locking down the endpoint: Data is no longer confined to desktop computers and laptops. Information can now be accessed through mobile devices such as cell phones and computers. Therefore, steps must be taken to ensure that these devices don’t increase security risks.

Author: Apoorva Anupindi