
Challenges in IT Security: Staying One Step Ahead
(Sept. 30, 2009)
Keeping data secure is a round-the-clock priority for healthcare organizations. New laws and regulations on data security breaches and breach disclosure greatly influence how healthcare organizations implement security measures and conduct their business.
Between 2000 and 2007, nearly half of all healthcare security incidents that occurred in the US involved hospitals. Even so, healthcare organizations as a whole have done better than many other industries at limiting breach incidents and lost records, according to www.infosecurityanalysis.com, an online think tank that collects and analyzes IT data security breach information. (See related sidebar, What next after a security breach is discovered?)
Still, stronger disclosure laws for healthcare organizations, and the modern tactics used by external attackers and malicious insiders to compromise data, are forcing all healthcare entities to take a closer look at their IT security plans, according to a recent survey conducted by the same group.
Essentially, IT security breaks down into two categories:
- Infrastructure security - identity management, access management, and security information and event management (collecting, reviewing and alerting on logs).
- Network security - the controls that protect an organization and its users when they are online or connected to the internal network, and that ensure only authorized people can reach particular applications on the system.
While securing your facility is an ongoing process, there are some essential safeguards that all healthcare entities should consider when developing and implementing IT security policies, including the following steps:
- Use dashboards. A dashboard gives minute-by-minute, or even second-by-second, visibility into what is happening across your environment, so staff can spot and respond to problems quickly. The logs that feed a dashboard are also what make forensics possible: retain them, protect them from tampering, and keep system clocks synchronized so the records can serve as evidence if a breach must be reported to an authority.
- Use two-factor authentication. Require two independent factors: something the user knows (a password or PIN), something the user has (an ID card or token), or something the user is (a biometric such as a fingerprint or iris pattern). For example, pair an ID card system with fingerprint readers on laptops and at doorway entries, or with an iris scanner at sensitive entrances. A fingerprint reader on its own is still only a single factor.
- Provide evidence of system control. You should be able to show what control your IT department has over your systems by producing reports that detail who has access to what and what each user actually did.
- Produce clear reports for understanding across the board and for compliance purposes. Reports should be clear, concise and easy enough for people without IT backgrounds or in-depth security knowledge to understand and interpret. Because several regulatory bodies have an interest in your security, make sure your reporting covers their requirements.
Additionally, keep your servers in a secure, locked room; make regular backups, store them in a secure (ideally off-site) location, and periodically test that they can be restored. If your organization uses electronic medical records, make sure those systems have user management, role-based permissions and access auditing in place as well.
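As an added illustration of the "evidence of system control" and EMR access-auditing points above (example code written for this page, not code from the article or from any product it mentions), the following script turns raw access-log lines into the kind of per-user report an auditor would ask for. The log format, the user names, the working-hours window and the lookup threshold are all constructed assumptions; the two checks it adds, chart lookups outside working hours and a user opening an unusually large number of distinct patient charts, are common review criteria, not anything the article prescribes.

```python
"""Per-user EMR access report from audit-log lines (added example, hypothetical format)."""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log. Assumed format:
#   ISO timestamp | user | action | patient id ("-" if none) | workstation
SAMPLE_LOG = """\
2009-09-14T08:03:11 | jdoe   | VIEW_CHART   | P1001 | WS-ER-01
2009-09-14T08:05:40 | jdoe   | VIEW_CHART   | P1002 | WS-ER-01
2009-09-14T08:07:02 | jdoe   | UPDATE_CHART | P1002 | WS-ER-01
2009-09-14T09:12:55 | msmith | VIEW_CHART   | P2001 | WS-ICU-03
2009-09-14T23:41:19 | tlee   | VIEW_CHART   | P3001 | WS-ADMIN-02
2009-09-14T23:42:03 | tlee   | VIEW_CHART   | P3002 | WS-ADMIN-02
2009-09-14T23:42:50 | tlee   | VIEW_CHART   | P3003 | WS-ADMIN-02
2009-09-14T23:43:31 | tlee   | VIEW_CHART   | P3004 | WS-ADMIN-02
2009-09-14T23:44:12 | tlee   | VIEW_CHART   | P3005 | WS-ADMIN-02
2009-09-14T23:45:00 | tlee   | VIEW_CHART   | P3006 | WS-ADMIN-02
2009-09-15T10:15:00 | msmith | LOGIN_FAILED | -     | WS-ICU-03
"""

# Assumed review parameters: normal working hours and the number of distinct
# patient charts one user may open before the report flags it for review.
WORK_START = time(7, 0)
WORK_END = time(19, 0)
DISTINCT_PATIENT_THRESHOLD = 5


def parse_line(line):
    """Split one pipe-delimited log line into a dict of typed fields."""
    ts, user, action, patient, host = [f.strip() for f in line.split("|")]
    return {
        "ts": datetime.fromisoformat(ts),
        "user": user,
        "action": action,
        "patient": None if patient == "-" else patient,
        "host": host,
    }


def parse_log(text):
    """Parse every non-empty line of a log into event dicts."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_after_hours(ts):
    """True when the timestamp falls outside the assumed working-hours window."""
    t = ts.time()
    return t < WORK_START or t >= WORK_END


def build_report(events):
    """Aggregate events per user and attach review flags."""
    per_user = defaultdict(list)
    for event in events:
        per_user[event["user"]].append(event)

    report = {}
    for user, evs in per_user.items():
        patients = {e["patient"] for e in evs if e["patient"]}
        after_hours = [e for e in evs if e["patient"] and is_after_hours(e["ts"])]
        flags = []
        if after_hours:
            flags.append("after_hours_access")
        if len(patients) >= DISTINCT_PATIENT_THRESHOLD:
            flags.append("high_volume_lookup")
        report[user] = {
            "events": len(evs),
            "distinct_patients": len(patients),
            "after_hours_events": len(after_hours),
            "failed_logins": sum(1 for e in evs if e["action"] == "LOGIN_FAILED"),
            "workstations": sorted({e["host"] for e in evs}),
            "flags": flags,
        }
    return report


def format_report(report):
    """Render the report as a plain-text table readable by non-IT reviewers."""
    header = f"{'user':<8}{'events':>7}{'patients':>9}{'after-hrs':>10}{'failed':>7}  flags"
    rows = [header]
    for user in sorted(report):
        r = report[user]
        rows.append(
            f"{user:<8}{r['events']:>7}{r['distinct_patients']:>9}"
            f"{r['after_hours_events']:>10}{r['failed_logins']:>7}  "
            f"{', '.join(r['flags']) or '-'}"
        )
    return "\n".join(rows)


if __name__ == "__main__":
    print(format_report(build_report(parse_log(SAMPLE_LOG))))
```

The report deliberately separates the raw counts from the flags: the counts are the evidence of control that L14-style reporting calls for, while the flags are only review hints whose thresholds a facility would tune to its own workflows (an ER clinician legitimately opens many charts per shift; an administrative workstation doing so at midnight warrants a question). In production the same logic would run over the EMR's own audit trail rather than a constructed string.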
