In the health care industry, IT solutions are moving at a breakneck pace with an aim towards integrated electronic health records, interactive patient portals, mobile engagement and more. It’s a direction that many feel is necessary to bring health care up into this millennium and improve the quality of care. However, it’s a major cause for concern for data privacy and health care security.
Health care organizations are among the most common targets for malicious cyber attacks. The kinds of personal health information these companies maintain fetch a substantial price on the black market. And, compared to the financial services sector, health care is seen as an easy target for identity thieves. With heavy fines for data breaches — in addition to serious reputation damage and recovery costs — health care companies face catastrophic losses if they don’t shore up their security.
Yet a gap remains between what’s necessary to safeguard information and what’s actually being done. And health care organizations’ progress in cyber security remains a point of contention. According to a MedData survey of 272 health care professionals, doctors rated their clinics’ cyber security measures ‘below average’ (22%) more often than administrators and IT staff (8%). Doctors were most likely to cite electronic health records as the area of greatest vulnerability (51%), followed by mobile communication devices (46%) and patient portals (32%). Nearly 75% of administrators and IT staff claimed that email and messaging systems are most vulnerable.
The survey did find some agreement between doctors and administrative/IT staff. Namely, a majority of respondents from both groups (68%) identified malicious hackers as the most pressing threat. Additionally, most respondents (83%) pointed to regulatory compliance as the prominent driver of change toward more effective security systems.
Strict compliance with HIPAA and HITECH standards are absolute necessities for protecting personal health information, and it’s a strong foundation for building a truly effective cyber security approach. However, cyber security is far from being the only operational challenge for health care organizations. This is where a trusted HIPAA and health care security partner can help. Lunarline offers complete support for HIPAA/HITECH compliance as part of a comprehensive suite of health care security services.