Let’s Make Data Protection an Industry-Wide New Year’s Resolution

Jan. 4, 2013
For those in the healthcare industry, there are countless things that could be filed under, “New Year’s resolution.” Perhaps more than anything else, providers should look at ways of preventing data breaches, which have become a growing issue.

Happy New Year! I hope everyone had a great holiday and got to spend some time with their families.

With the dawn of a new year, resolutions become the trend du jour for about two weeks before everyone finds something else to focus on. It’s great to have resolutions;  I’ve had many in my life, most of which end up getting inevitably ignored.

For those in the healthcare industry, there are countless things that could be filed under, “New Year’s resolution.” Just last week, I posted a podcast interview with Jason Fortin, senior advisor at Impact Advisors, on what providers’ resolutions should be when it comes to Stage 2 of meaningful use. If you’re a CIO at a hospital or health system that is attesting to meaningful use, I highly recommend it.

Yet, I think there is a more important “resolution” out there for CIOs and other IT leaders at hospitals, if that seems possible. It involves data security.

There is a huge problem in healthcare in relation to data security. A month or so ago, the Ponemon Institute reported 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years. That wasn’t the only study last year that had reported theobvious: this is a serious issue in the industry.

I saw a quote in an article in The Washington Post this week that really opened my eyes. It was from Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. Rubin said, “I have never seen an industry with more gaping security holes.”

That is as damning a statement as I’ve read. Maybe it’s accurate, or maybe it’s an exaggeration. Either way, no one can argue that the healthcare industry needs to wake up and do better.

That article was about the flaws in various EMR software solutions. While hacking is clearly a growing problem, as evidenced by stories like what happened to the Surgeons of Lake County, Libertyville, Ill. Much of what is going on is through carelessness, according to Michael ‘Mac’ McMillan, chair of the HIMSS Privacy & Policy Task Force, and co-founder and CEO of CynergisTek Inc., a health information security and regulatory compliance firm located out of Austin, Texas,. As in this is an issue that can easily be avoided.

This simply can’t go on. No organization, with hundreds or thousands of workers, will ever be perfect. But these organizations, and we’re talking big and small, need to improve.

If there’s a silver lining, it’s what Larry Ponemon, head of the Ponemon Institute, told me in a podcast recently. He said the increasing number of reported breaches is actually a sign of progress. Since the institute started tracking data, he says, the number of breaches has gone up because organizations are actually reporting them (thanks in part to the government).

“When we started tracking this in 2010, it was clear lots of breaches weren’t noticed, they weren’t recorded,” Ponemon says. “The fact we have more data breaches could mean we’re better at detecting data breaches.”

Let’s hope in 2013, organizations are not only better at detecting them, but preventing them as well.

Please feel free to respond in the comment section below or on Twitter by following me at @HCI_GPerna.

Sponsored Recommendations

A Comprehensive Workplace Safety Checklist

This checklist is designed for healthcare facilities focused on increasing workplace safety. It’s meant to inspire ideas, strengthen safety plans, and encourage joint commission...

Healthcare Rankings Report

Adapting in Healthcare: Key Insights and Strategies from Leading Systems As healthcare marketers navigate changes in a volatile industry, they know one thing is certain: we've...

Healthcare Reputation Industry Trends

Navigating the Tipping Point: Strategies for Reputation Management in a Volatile Healthcare Environment As healthcare marketers navigate changes in a volatile industry, they can...

Clinical Evaluation: An AI Assistant for Primary Care

The AAFP's clinical evaluation offers a detailed analysis of how an innovative AI solution can help relieve physicians' administrative burden and aid them in improving health ...