Organizations must be proactive and adjust their security and privacy approaches frequently to avoid breaches, according to Jim Noga, Vice President and CIO of Boston-based Partners HealthCare.
In an interview with HealthITSecurity, Noga, along with Partners CISO Robert Jennings Aske, talked about addressing patient data privacy from top to bottom. It's "all hands on deck" for Partners, they said.
"To be honest, I just ignore [products that say they're HIPAA compliant]," Aske said in regard to bringing consumer technology to work. "As an organization, we try to do third-party risk assessments and evaluate products ourselves and not rely upon what the vendor says because the reality is that no one's out there certifying HIPAA compliance."
Because the regulatory environment is different now than in the past, organizations need to fundamentally change the way they function knowing security event monitoring is a real priority, Aske said.
No matter how much you educate the people in your organization, though, Noga added, somebody will try a phishing attempt.
"Our CEO has acknowledged that privacy and security are important, but the big threat we're worried about is the alteration and integrity of the data," Noga said. "A breach is obviously a bad thing that you have to deal with it and it's a huge incident, but if someone came in and altered an EHR's data that could have a dramatic impact."
At the Healthcare Privacy Summit in Washington, D.C., last summer, privacy experts spoke about their data breach experiences, agreeing that what they experienced likely is just the beginning for what's possible in security fissures at healthcare organizations. They agreed that health data security efforts are too reactive.
To learn more:
- read the full interview in HealthITSecurity
Privacy experts: Health data security efforts too reactive
Mobile security a primary concern for docs
Hospital IT director: Focus on securing patient data, not devices
Implanted cardiac devices could be subject to tampering
Hospital use of data breach insurance increases as incidents multiply
Privacy breach insurance helps prevent worst-case scenarios