The Security Scrutinizer with Howard Anderson

Rapid EHR Adoption Creates Challenges

How Can Physicians Keep Up With Security?

In an education session addressing healthcare issues at RSA Conference 2012, speakers addressed the relatively slow pace at which provider organizations, especially doctors' offices, are adopting the latest security technologies and strategies.

See Also: Fog of War | How the Ukraine Conflict Transformed the Cyber Threat Landscape

The rapid adoption of electronic health records at physicians' offices, which are making the transition from paper to digitized records in the blink of any eye, thanks to federal financial incentives, means ensuring the security of that information is a major challenge, the speakers pointed out.

Everybody has a role to play in securing this information. We're all responsible; we're all in this together. 

Joy Pritts, chief privacy officer in the Office of the National Coordinator for Health IT, explained the challenge for a primarily non-healthcare audience. "We're doing this very rapidly, largely with a population that's not familiar with these technologies and how to protect the information," Pritts said. "It's not part of their culture. You can have a lot of technology for security, and policies for privacy, but if you lack a culture of protecting information ... you won't get the desired result."

Slow Pace of Encryption

In some information security areas, especially the application of encryption, the healthcare industry is moving at a painfully slow pace.

Publicity about major health information breaches is highlighting the value of encrypting data at rest, said Deven McGraw, director of the health privacy project at the Center for Democracy and Technology. "Every other industry does that as a matter of course. The tide is turning in healthcare, but it's like the Titanic; it's turning really slowly."

The HITECH Act is providing billions of dollars in incentives for the adoption of electronic health records. But ensuring those records are secure requires a team approach, stressed Pritts, whose office is taking a lead role in creating guidelines for the incentive program.

"Everybody has a role to play in securing this information," she said. "We're all responsible; we're all in this together."

Government needs to enact appropriate policies; vendors need to produce EHR applications with adequate security capabilities; healthcare providers need to appropriately implement safeguards; and patients need to take adequate precautions as well.

As physicians and others "become more literate on protecting privacy," security gaps will begin to close, predicted Deborah Wolf, executive adviser on health privacy issues for the consultancy Booz Allen Hamilton.

Let's hope those gaps close quickly so that fewer Americans are affected by major health information breaches in the years to come. More than 19 million individuals have been affected by about 400 major breaches just since late 2009. And that's unacceptable.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.