ACOs put provider data at risk

Under accountable care, healthcare providers and payers are increasingly shaing patient data--and with that comes increased risk that the information falling into the wrong hands, Bill Fox, a security expert and principal at Booz Allen Hamilton, told in a recent interview.

Taking a proactive role in security and avoiding silos both are vital to overcoming such hurdles, according to Fox.

"If you think about an organized system that's connected virtually and electronically with any other number of systems, that's where you start to add on complexity and risk because they've got to understand where the vulnerabilities are in terms of the processes, the people and the technology that are involved in making that work," Fox said.

"[Don't have] a group that's working on integrated care delivery; a group that's working on patients that are in a medical home; a group that's working on making a hospital internally work more efficiently--and then have the CISO's office way off to the side separately dealing with something."

Criminals in search of financial data, Fox added, pose one of the biggest threats to healthcare organizations.

"As financial services gets more sophisticated ... there will be a switch over to the healthcare industry because we have all that data, too," Fox said. "We have all this protected health information and financial data, and organizations have intellectual property, and the wall is not as hard to get through."

Jared Rhoads, a senior research specialist with CSC, told FierceHealthIT in an interview published earlier this month that healthcare organizations need to be relentless when it comes to information security.

"It needs to be more of an ongoing, constant, holistic type of approach where you're looking at your systems from the perspective of someone from the outside," Rhoads said. He echoed Fox's sentiments that hackers generally crack into hospital systems through poorly configured tools and software, and added that hiring "ethical hackers" could be another strategy worth exploring.

"Some of them used to be hackers and they know how to think like hackers--they're experts at security who will say, 'How would I gain access to this organization?'" Rhoads said. "They will promise not to do anything bad, but they'll test your systems as if they were a hacker."

To learn more:
- read the full interview