HIPAA changes force healthcare to improve data flow
The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic health records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows. To be sure, with federal money allocated through 2014 for the task of modernizing the healthcare industry, there will be many consultant and vendor businesses that will thrive on stimulus money.

Healthcare is unique in that storage of electronic health records is highly distributed among primary care physicians, specialist doctors, hospitals, and insurance/HMO organizations. Information has to be shared efficiently among these entities with great sensitivity toward patient privacy and legitimate claims processing. Patients want to prevent overzealous employers from performing unauthorized background checks on medical history; claim processors want to prevent paying fraudulent claims arising from targeted patient identity theft. The bill has two provisions which turn this into a tremendously challenging plan, and a daunting task for securing patient data:
These provisions alone may cause massive re-architecting of how the healthcare industry manages personal health data. Healthcare organizations need to share confidential patient data when necessary, erase copies of that data and expire access privileges when that need passes, and audit the entire process for intrusions and fraudulent activity. While healthcare organizations should take the long view when planning major projects, HIPAA expenditures can be focused to enhance this effort:
The changes in healthcare and HIPAA regulations will cause daunting security challenges for the industry. While I am not convinced that the federal government can or should tell any industry how to protect electronic data, the reality is that it is. Healthcare security teams should move with a sense of urgency to fully understand information flows so that they can reduce the number of data repositories, communications lines, and individuals that must be secured.

Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor. He can be reached by sending an email to eric@ogrengroup.com.