Page 10 of 48
Previous Page     Next Page        Smaller fonts | Larger fonts     Go back to the flash version
Postscript
INDUSTRY WATCH

DUMMY

MECHANICAL
Providers ignoring security concerns
Sign-Off
RECORDS SECURITY
According to Forrester Re- security offi cers (CISOs) in the healthcare industry
search, while the financial struggle to get management’s attention and are typically

PRINT PROOF
services and retail industries struggled to comply operating on shoe-string budgets. This has led to poor
with the stringent regulations around the security and security and privacy controls at a majority of healthcare

NEW PDF
privacy of their sensitive data, the healthcare industry and medical facilities across the country.

mainly sat on the sidelines. It largely ignored many of Security spending lags behind other leading in-
REVISED PDF
the requirements laid out in HIPAA. dustries. Forrester’s annual security survey reveals
Why? “Because there were neither real incentives that spending in the healthcare sector is lower than
to comply with these requirements nor penalties ments nor penalties in other regulated industries. “Win other regulated i e found that the
for noncompliance, and nobody was enforcing y was enforcing healthcare industry allocates 10.9 percent of healthcare indu
HIPAA,” says Forrester researcher Khalidrcher Khalid the IT operating budget to securitythe IT operat , whereas
Kark. “Now, with the increased focus on ed focus on fi nancia nancial services fil ser rms spend 12.6 percent,
HMT
healthcare IT and the $19 billion set aside on set aside retail companies spend 12.5 percent, and retail comp
for the adoption of electronic health re-health re- even government institutions spend 11.1 even gover
cords (EHRs), the healthcare industry ndustry percent,” Kpercent ark says. “Although higher
has a real opportunity to embed se-d se- spending is not a prospend xy for better
PG.8
curity into its systems and processes esses securitysecur , the spending numbers do
– rather than bolting it on laterr.” point to the diffipoint culty that healthcare
The risk of theft, improper ac-r ac- CISOs have in getting suffiCISO cient bud-
cess or accidental disclosure risesrises get to protect their organizations.”get to
signifi cantly when patient recordscords HealthcarHe e providers are moving
are computerized, Kark says. As. A to EHRs without considering theto EH
single security incident can resultesult security implicationssecur . The economic
in the loss of thousands of records cords stimulus bill provides incentives to stimu
containing electronic patient health ealth healthcare organizations – especially healt
information (ePHI). Yet despite the e the smaller physician practices – to con-small
steep risks, he adds, many healthcareh vert to electronic records by offeringtt

CIRCLE/RS#
providers struggle to offer rudimen- them $2 billion in grants and $17
tary security controls to their organizations because: billion in Medicaid and Medicare reimbursements.

LIT#
Basic security technologies and processes are Forrester has observed that in the rush to convert to
missing. Even the most advanced hospitals lack basic electronic health records, many companies are ignoring

SHOWLINE security tools, Kark contends, such as an intrusion- or delaying basic security requirements.
prevention system (IPS), or a rudimentary process Hackers are increasingly targeting healthcare and

I/O CHECK
such as incident management. Many chief information medical facilities. According to the San Diego-based
nonprofi t organization Identity Theft

PROD MGR
Resource Center (ITRC), healthcare
was responsible for 20.5 percent of ex-
posed records in 2008. This totals more
than seven million records, and is the
second-highest percentage, behind only
the government/military sector. “This
Nelson Publishing
is partly because this sector is an easy
target with lax security controls and
2500 Tamiami Tr N
partly because the rewards of breaking
Nokomis, FL 34275 into healthcare systems are increasing
1-800-226-6113
as healthcare providers keep a number
of records in electronic form,” Kark
explains.
8 February 2010 HEALTH MANAGEMENT TECHNOLOGY www.healthmgttech.com
HHMT1002 IW FINAL.indd 8MT1002 IW FINAL.indd 8 11/25/2010 11:08:27 AM/25/2010 11:08:27 AM
Previous arrowPrevious Page     Next PageNext arrow        Smaller fonts | Larger fonts     Go back to the flash version
1  |  2  |  3  |  4  |  5  |  6  |  7  |  8  |  9  |  10  |  11  |  12  |  13  |  14  |  15  |  16  |  17  |  18  |  19  |  20  |  21  |  22  |  23  |  24  |  25  |  26  |  27  |  28  |  29  |  30  |  31  |  32  |  33  |  34  |  35  |  36  |  37  |  38  |  39  |  40  |  41  |  42  |  43  |  44  |  45  |  46  |  47  |  48