New era, new requirements: data loss prevention Half of patients in the United States believe that
electronic health records will have a negative impact on the privacy of their personal health information (CDW Healthcare, “Elevated Heart Rates: EHRs and IT Security,” March 2011). Whether those concerns turn out to be prescient or paranoia is largely based upon how healthcare organizations respond to the new security requirements of the EHR era. Without question, the cyber criminals are ready; the illicit market for personal information is growing at 500 percent a year. Yet, according to a 2010 Ponemon Institute study, 88 percent of data breaches were caused by employees making simple mistakes in handling data or broken business processes. By fi xing the basic cultural and business process problems, IT security staff can then turn their attention to the real threat: malicious fraud. Though preventing data loss does require investment,
the return to the organization in terms of risk mitigation is signifi cant. According to the same Ponemon Institute study, the average cost of fi xing a data breach is $6.7
million, and that is just to address the technology.
does not include the impact to corporate reputation, loss of customers, legal fees or restitution. EHRs are not inherently less secure than paper records, but they do demand a different approach to protecting data. To start, engage data owners to build a stakeholder group with the gravity and resources to make meaningful changes to the organization’s processes. Then, work with a trusted technology partner to conduct a data-centric security assessment to clearly understand where your organization’s data is most at risk. In the end, most organizations fi nd that the biggest risk is not the foreign hacker – it is organizational inertia.
Sadik Al-Abdulla, senior manager,
security solutions, CDW The key to qualifying for Stage 1 is in the cloud
As hospitals prepare to meet the requirements of meaningful use, they are realizing that they are in immediate need of fl exible clinical integration solutions to help them link disparate systems and electronically exchange health information. To add to the pressure, they are up against a looming deadline for Stage 1 and slim budgets to implement new healthcare technology.
Whether or not a hospital has an existing electronic health record, establishing connectivity and interoperability with other providers’ systems and ancillary services will be extremely diffi cult – especially doing it in time to qualify for Stage 1 or even Stage 2 incentives.
Hospitals without an EHR: Unfortunately, these hospitals have to face the reality that they may not qualify for Stage 1 incentives even if they sign on with an EHR vendor today. This is because traditional EHR implementations can take up to a year. Combine that time with the 90 days of meaningful use required by law, and hospitals will be cutting it too close or they won’t meet the deadline to qualify for Stage 1 incentives at all.
Hospitals with an EHR: Several hospitals with existing EHR solutions have system gaps that hinder their ability to meet the standards for clinical integration. Many EHR
vendors are addressing this issue. The problem, however, is that the vendors are backlogged with demands for meaningful-use-compliant implementations, putting many hospitals on a waitlist that hinders their ability to upgrade their systems in time to qualify for Stage 1 – and in some cases, Stage 2 – incentives.
Oleg Bess, M.D., CEO, 4medica
The key to solving this problem and electronically exchanging health information in time to meet the 2012 deadline is in the cloud. Clinical integration solutions that leverage the cloud and software-as-a- service (SaaS) technology can act as the “glue” that links existing healthcare IT together. Whether or not a hospital has an EHR, this type of technology can integrate data from multiple sources and institutions using standards specifi ed in meaningful-use criteria to act as a patient-centric integrated health record. And, because the Web-based technology acts as middleware – sitting on top of existing healthcare IT solutions – it can be implemented in just weeks, giving hospitals a comfortable cushion to meet the Stage 1 deadline.
HEALTH MANAGEMENT TECHNOLOGY April 2011 11