Proper incentives essential to protecting health data

Misalignment of incentives can prevent healthcare organizations from committing to the proper protections of sensitive information, according to Tyler Moore, an assistant professor of cybersecurity and information assurance at the University of Tulsa.

"Whenever organizations don't have appropriate incentives to protect information, they will not be able to adopt countermeasures to protect their systems," he told Healthcare IT News. "The importance of incentives in choosing the best types of security mechanisms cannot be underestimated."

Information asymmetry, when one party doesn't have adequate information about the other, also can affect security decisions--such as a hospital focusing on a vendor's observable features in a security product while there are other aspects not visible that need to be considered, he said.

Moore added that information sharing among peers can be one of the best ways to keep abreast of threats and learn how others have adopted successful strategies.

Earlier this year, the Obama administration released a proposal that would allow increased sharing of information on cyberthreats from the private sector with protection from liability.

The College of Healthcare Information Management Executives (CHIME) and the Health Information Trust Alliance (HITRUST) are among the organizations pushing for passage of the Cybersecurity Information Sharing Act in Congress as a way to formalize the process for information-sharing among private entities and the government.

However, a recent review of the HITRUST Cyber Threat XChange, an early warning system set up in 2012 to speed up detection and response to cyberattacks, found participation low and the information reported often unhelpful.

To learn more:
- read the full Healthcare IT News article