Hospital IT security shouldn't be a knee-jerk reaction

Hospital operations, including patients' personal and health records, are becoming more digital by the day. As that landscape shifts online, an emphasis on keeping such information safe grows increasingly important.

Being reactionary, however, isn't enough in today's world. Just ask Phoenix Cardiac Surgery, a five-physician practice that earlier this year was fined $100,000 by the U.S. Department of Health & Human Services' Office for Civil Rights after a calendar of patient appointments was posted online.

HIPAA violations are an expensive proposition both for hospitals and patients--the former can face fines up to $1.5 million from OCR in addition to reputational hits, while the latter can face loss of identity, ruined credit and more.

That's why it's important for healthcare facilities to try to stay ahead of the game. A proactive approach to security doesn't necessarily guarantee your patients' files and records will be safe, but it can at least offer comfort to patients, who will feel better knowing the steps your organization is taking ahead of time to try to protect their data.

For example, Beth Israel Deaconess Medical Center CIO John Halamka outlined on his blog step-by-step guidance for how his facility will proactively secure mobile devices. That's a good start.

We also recently reported an interesting approach to maintaining security for medical images by using digital watermarks. The approach is still being tested by researchers, but early results show promise, even if medical images haven't exactly been a prime target for hackers to date.

But that's really the whole point: Facilities shouldn't wait for problems to arise before trying to figure out potential protections or solutions. Instead, they should be proactive--both in terms of information protection and conducting audits to determine areas of need when it comes to security.

After all, if you're in a hostage situation, such as the one at the Libertyville, Ill.-based practice The Surgeons of Lake County, it's already too late. - Dan
