Home » Blogs

  • del.icio.us
  • Digg
  • StumbleUpon
  • Reddit
  • Facebook
  • Google
  • RSS Icon
  

Study points to need for SHARP security research

April 07, 2010 | Jeff Rowe, Contributing Writer

As researchers gear up to focus on the issue of HIT security, a recent HIMSS study shows that the problem remains significant in hospitals.

According to this report on the 2010 HIMSS Analytics Report: Security of Patient Data, “the study found critical gaps in data security – and its findings suggested that efforts to keep data safe were often more reactive than proactive, with hospitals dedicating more resources to breach response than to breach prevention.”

Based on a biannual survey commissioned by Kroll Fraud Solutions of 250 healthcare professionals nationwide, the study found a number of things which should spur researchers on. For example, “the number of healthcare organizations that reported a breach increased by six percent in 2010 to 19 percent of total respondents – up from 13 percent in 2008,” when the last survey was conducted.

Moreover, “healthcare organizations continue to think of data security in specific silos . . . and not as an organization-wide responsibility, which creates unwanted gaps in policies and procedures.”

As Brian Lapidus, Kroll’s chief operating officer, put it, “The results of the latest study are bittersweet to say the least. On one hand, healthcare organizations are demonstrating increased awareness of the state of patient data security as a result of heightened regulatory activity and increased compliance. On the other, organizations are so afraid of being labeled ‘noncompliant’ that they overlook the bigger elephant in the room, the still-present risk and escalating costs associated with a data breach.”

As the study findings indicate, what is perhaps most harmed by data breaches is the confidence patients have in their providers’ IT systems, and it is that confidence that the researchers who recently received a $15 million award as part of the government’s SHARP program hope to address.

According to Professor Carl A. Gunter of the University of Illinois Department of Computer Science and IT, and the newly funded project’s lead investigator, "It is essential for patients and healthcare providers to have confidence in the information technologies on which modern healthcare is becoming increasingly reliant."

With that goal in mind, “SHARPS will focus on three health information environments – electronic health records, health information exchange, and telemedicine – that are becoming increasingly popular in spite of security concerns with their use.”

As the HIMSS study indicates, the IT security improvements that policymakers are aiming to achieve via the SHARP program could not happen too soon.

 

Jeff Rowe blogs daily at Priming the Pump.

Related Topics:

Reader Comments (1)Login to Post a Comment

John_Reno says: HIMSS study also points out the need to consider risk and trust
April 07, 2010 | 3:03PM GMT

I found the study quite useful. It should be examined closely by IT security professionals in all areas of the healthcare industry. I would point out that this analysis of data loss indicates an need to not only focus on trust but also risk. When IT security policies are created and systems are deployed, an implicit or explicit risk assessment is taking place. I believe it is critical for the IT security team to engage in an explicit risk assessment to mitigate threats and prevent data loss. Further discussion on this topic and suggestions with respect to IT security policy can be found at the Redspin blog - http://www.redspin.com/blog/.