Posted by: adelvecchio
Healthcare providers are becoming increasingly reliant on electronic health records and are operating in a complex landscape of governance, security, and availability. As a result, trusted IT has become a necessity to establish and maintain individually identifiable healthcare information and protected health information (PHI).
Trusted health IT solutions typically include advanced security, integrated backup and recovery, and continuous availability for the supporting IT architecture. Providers face the unique challenge of keeping PHI highly available, secure, and private as they increase the use of technology to improve patient care delivery.
Security breaches — whether the data is kept on physical IT assets or in a private cloud — can create a lack of confidence in a healthcare system and have significant regulatory implications. Although many healthcare organizations plan to conduct a HIPAA security risk assessment, which is a core requirement of stage 2 of the meaningful use incentive program, there is more work to be done.
To examine these issues, EMC Corp. recently completed the 2013 Global IT Trust Curve Survey — which surveyed 283 healthcare IT executives. The results highlight that providers continue to struggle with unplanned downtime, security breaches, and data loss. In the last 12 months, 40% of respondents reported having an unplanned outage of some kind. On average, these organizations lost 57 hours to unplanned downtime, incurring an estimated loss of $432,000 per outage. Additionally, the study found:
- 61% of global healthcare organizations surveyed experienced a security-related incident in the form of a security breach, data loss, or unplanned downtime at least once in the past 12 months.
- Nearly one in five (19%) experienced a security breach in the last 12 months at an average financial loss of $810,189.
- More than one in four (28%) experienced data loss in the past 12 months at an average financial loss of $807,571 per incident.
Failing to invest in trusted health IT solutions to protect data and ensure a reliable, highly available network incurs real, quantifiable costs to the healthcare system. In addition to the financial implications, inefficient IT architecture can slow the transition many organizations are making as they deploy IT as a Service (ITaaS) models and seek to deliver IT solutions to other organizations in their networks. ITaaS models help organizations increase agility, accelerate deployment of key healthcare applications, and lower costs.
Healthcare organizations have until June 30, 2014, to comply with HITECH Act PHI privacy and security requirements or sacrifice significant federal funding in the form of meaningful use incentives. Failure to meet meaningful use stage 1 requirements by 2015 will result in a penalty on CMS reimbursements, starting at 1% and increasing annually.
Healthcare organizations are encouraged to take a holistic view of security management by adopting an integrated approach to governance, risk, and compliance. To align appropriate security activities for maximum protection across the enterprise, I suggest installing into your IT infrastructure a security management framework composed of:
- Business governance — Embedding security into all organizational structures and processes while taking regulatory requirements (HIPAA, HITECH) and internal policies into account.
- Security risk management — Identifying and classifying information risks and tracking risk mitigation.
- Operations management — Implementing security processes and controls in line with current security policies to prevent risks from developing into security incidents.
- Incident management — Detecting, analyzing, resolving, and reporting security incidents to minimize their impact.
These strategies can be implemented using a phased approach. Investing in a secure and reliable IT architecture increases trust in IT while improving patient care delivery.
Roberta Katz is the director of healthcare solutions for EMC.