Protecting Patient Health Information

Nov. 9, 2011
I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

Jim Elert, CIO of shred services of Trinity Health, Novi, Mich., says that healthcare security is much more than a matter of passwords and firewalls. When building a security program, it’s necessary to take a comprehensive view that takes into account governance, policies, and education, so that people who use the system understand it.

Jennings Aske, chief information security officer at Boston-based Partners Healthcare, takes a similar view. He cautions that healthcare organizations should not view data security as a regulatory driven matter, but one that is intrinsic to an organization’s business objectives. “You should be doing security because it is the right thing to do, not because the law says you have to do it,” he says.

Both experts say they have existing standards from the International Organization of Standards (ISO) and the National Institute of Standards and Technology (NIST) have provided guidance in putting together their security policies.

I think they make a good point. At a time when a proliferation of new regulations and technological devices are putting extra demands on hospital IS departments, it makes sense to rely on existing standards to ensure compliance. In a fast changing environment, NIST and ISO standards can at least help healthcare organizations in the right direction with regards to putting controls in place to protect their patient’s data.

More on the challenges on protecting patient data will appear in the October issue.
 

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?