Healthcare Information Security: A Call to Arms – Protect our Flanks!
Combating the Information Security Threat while Focused on Key Priorities
A guest blog on Porter Research October 25, 2012
While we all find ourselves struggling to prioritize various ongoing initiatives, those of us in healthcare IT are keenly aware of our larger objective—to improve the quality of healthcare and decrease healthcare cost through the use of information technology.
Our list of priorities continues to expand: Meaningful Use Stages 1 and 2, ICD-10, Health Information Exchanges (HIEs), upgrades in technology, and many more all compete for our top priority on any given day. Yet, while we have our heads down focused on these initiatives, there’s a growing uneasiness about the threat to the security of the information we’re entrusted with. We need to rally our awareness and Protect Our Flanks!
While other industries have sensitive information, recent initiatives and trends in the healthcare sector have created a target-rich environment for potential bandits of Protected Health Information (PHI).
Several critical variables have combined to create this situation. The value of healthcare data, the amount of data electronically available, the increase in data connectivity outside traditional boundaries, and a lack of attention and investment in security all contribute to a scenario where we could find ourselves letting our guard down, leading to a flanking attack on healthcare data.
Electronic Health Records (EHRs) have grown in importance to providers, payers, and patients alike. Today’s health record not only contains what we fill out on the clipboard and doctor’s notes, but can contain a complete database of our personal identifiers, our history, and our health, financial, and family information. PHI is a very valuable target.
The amount of data available electronically is increasing rapidly. The American Recovery and Reinvestment Act (ARRA) of 2009 provided incentives for Medicaid and Medicare providers to adopt and use EHRs. As of the latest Centers for Medicare and Medicaid Services report, the agency has paid out over $7.1B to 129,329 eligible professionals and 3,905 hospitals. In September, National Coordinator for Health IT, Farzad Mostashari, MD, made it clear that these incentives would not stop since there are no set appropriations for the incentive. With good reason, providers will continue to prioritize the expansion of EHRs.
The Health Information Technology for Economic and Clinical Health (HITECH) Act has also contributed to advancing health information technology, resulting in additional information security challenges.
One HITECH-funded program, The State Health Information Exchange Cooperative Agreement Program, has awarded over $547M to build health information exchange (HIE) capabilities among providers. This has resulted in larger networks providing connectivity to PHI that historically has not been possible. Once again, a great cause, but also a challenge to information security.
The current level of attention and investment in health information security is the remaining variable increasing health IT vulnerability. In the Core Health Technologies’ 2011 HL7 Interface Technology Survey, CIOs answered “security” more than any other response (35.8%) to the question “What keeps you awake at night?” The 2012 HIMSS Leadership Survey also showed us that a significant number of senior IT executives are concerned about security. Twenty-two percent of respondents noted breaches within the past 12 months and only four percent stated they did not have security concerns. The concern of senior executives is an indicator that the threat is real and more work needs to be done.
To use a military term, we’re all “decisively engaged” in our given mission. Our sights are set on achieving valuable objectives and our pace has quickened. We’re fighting the good fight. But as we aggressively press forward, we need to also secure our perimeter and prevent an attack that could decimate our whole cause. Today our call to action needs to be – Protect our Flanks!