Protecting Patient Health Information

Nov. 9, 2011
I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

I recently interviewed hospital CIOs and other experts on the issue of healthcare data security. What they told me emphasized, for me, the wide-ranging challenges faced by hospitals in making sure that the patient data is secure. Those challenges come from both the regulatory changes under the Health Information Technology for Economic and Clinical health (HITECH) Act and the Health Insurance Portability and Accountability Act (HIPAA), as well as technology available with the wide range of portable electronic consumer devices now on the market.

Jim Elert, CIO of shred services of Trinity Health, Novi, Mich., says that healthcare security is much more than a matter of passwords and firewalls. When building a security program, it’s necessary to take a comprehensive view that takes into account governance, policies, and education, so that people who use the system understand it.

Jennings Aske, chief information security officer at Boston-based Partners Healthcare, takes a similar view. He cautions that healthcare organizations should not view data security as a regulatory driven matter, but one that is intrinsic to an organization’s business objectives. “You should be doing security because it is the right thing to do, not because the law says you have to do it,” he says.

Both experts say they have existing standards from the International Organization of Standards (ISO) and the National Institute of Standards and Technology (NIST) have provided guidance in putting together their security policies.

I think they make a good point. At a time when a proliferation of new regulations and technological devices are putting extra demands on hospital IS departments, it makes sense to rely on existing standards to ensure compliance. In a fast changing environment, NIST and ISO standards can at least help healthcare organizations in the right direction with regards to putting controls in place to protect their patient’s data.

More on the challenges on protecting patient data will appear in the October issue.
 

Sponsored Recommendations

Going Beyond the Smart Room: Empowering Nursing & Clinical Staff with Ambient Technology, Observation, and Documentation

Discover how ambient AI technology is revolutionizing nursing workflows and empowering clinical staff at scale. Learn about how Orlando Health implemented innovative strategies...

Enabling efficiencies in patient care and healthcare operations

Labor shortages. Burnout. Gaps in access to care. The healthcare industry has rising patient, caregiver and stakeholder expectations around customer experiences, increasing the...

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

Join us for this April 30th webinar to learn about 2024's State of the Market Report: New Challenges in Health Data Management.

Findings on the Healthcare Industry’s Lag to Adopt Technologies to Improve Data Management and Patient Care

2024's State of the Market Report: New Challenges in Health Data Management