As the top story below reminds us, it doesn't take a sophisticated attack to expose critical patient data. In fact, in this case, something as simple as an unsecured Web server was to blame.
Unfortunately, when it comes to public fears, the healthcare industry has less wiggle room than other markets. We simply can't afford to be perceived as careless; consumers are not going to take it lying down. Even if the security hole is minuscule, we're talking really bad press here. You may not get the hundreds or thousands of frantic calls from patients, but have no doubt that someone will.
I understand that you may not have the budget for a security upgrade. Honestly, maybe it's not even time to do so. After all, nobody's sure yet whether individual health systems, physicians, RHIOs or some as-yet-unknown entity (think: the feds) will control the emerging health data infrastructure. IT planners may want to wait to see what they're required to do, rather than taking a big risk on infrastructure that might be obsoleted by federal or state regs.
Still, every time I read about another hospital data security breach, I cringe over how I'd explain it to my mom if she were a patient there. She's afraid to touch a computer, much less work with a health information portal. The constant slow drip of data breach stories isn't helping matters any with patients like her.
Just keep front of mind that unlike other enterprise IT efforts, your patient data security effort has to make the grade with people, like our mothers, who don't know anything about your challenges--and don't want to know. Yeah, I know, life isn't fair. - Anne
P.S. Please also take a look at our upcoming webinar, "How to have a Productive and HIPAA Compliant Healthcare Remote Access Solution," for a discussion of security issues involved in remote access.