Vendor compliance management: Are health care software vendors HIPAA compliant?


This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."


Next, the nurse starts your IV. The IV pump sends information over a wireless connection to the pharmacy system. The data is encrypted with the notoriously insecure WEP protocol, which, if compromised, would allow access to the entire pharmacy system and all the personal patient data in it. You are attached to the patient monitor that displays your heart rate and other vital signs. This monitor is actually a computer and, once again, it has the same administrative password as every monitor at every hospital that purchased the device.

After your surgery, the nurse removes a pain medication from an automated dispenser. This dispenser is a Windows 2000 computer; the vendor has not tested Windows XP. The technician who installed the unit configured the hard drive so users can access it anonymously with root privileges -- to make servicing easier.

Surgery is frightening enough without having to worry about the security of the computer systems involved in your care. Not only is your personal information at risk but so is your safety. The security requirements for health care pale in comparison to those for online banking. Is your health information any less valuable than your financial data?

It is time health care software vendors take security seriously. If they were covered entities under HIPAA, it would be a big step toward providing secure electronic patient health records.


This was first published in October 2007
