'No such thing' as a totally secure health data system

By Dan Bowman

For hospitals and healthcare practices, a data breach is one of the worst things that can happen, Duncan (Oklahoma) Regional Hospital Vice President and Chief Information Officer Roger Neal (pictured right) tells FierceHealthIT.

Most hospitals "have programs and systems in place to mitigate these types of issues, however, it's a minute-by-minute changing world," Neal says. "Staying on top of it is crucial and what keeps me up at night."

Still, Neal says, there is no such a thing as a completely secure system anywhere. "And with the high volume of work in healthcare to meet all of our current regulatory requirements, the industry is struggling with security," he says.

Todd Richardson (pictured left), vice president and CIO at Wausau, Wisconsin-based Aspirus Inc., says that of late, he's seen a "heightened awareness and support" at the executive and board levels at his health system when it comes to privacy and security "blocking and tackling" measures, particularly in the wake of the Community Health Systems and Anthem breaches.

"These incidents make us all feel incredibly vulnerable and highlight the need for constant vigilance," he says.

Neal adds that to regain trust in the event of a breach, a proactive and honest approach with those impacted works best.

"Although a hit to your rep, you can recover," Neal says. "You want to get in front of the frenzy from a media standpoint and be out there with 'this is what happened; this is what we are doing to fix it; this is what we are doing to repair the damage.'"

'No such thing' as a totally secure health data system