 Preventing data breaches
ASKED: February 23, 2010  5:50 PM
UPDATED: December 14, 2010  3:59 am

Answer Wiki:
When it comes to data integrity, data security and systems access, the best security is adherence to enterprise network industry best practices security policy. Adherence to HIPAA and/or CFR compliance regarding data security/integrity is often victim to the dynamics and expense of EHR/EMR systems because of the deliverable "deadlines" and promised bonuses partnered with a wall of waivers of we-promise-to-fix-this-at-a-later-date. These systems are often delivered with enterprise network security policies as a complete afterthought. Now that many of these health care IT systems are maturing and reaching the next fad of providing health care IT services to "affiliates", the issue of PHI security is quickly becoming a pay-later scenario. In computer speak, the introduction of affiliates requires the addition of enterprise network "Infranets" and/or "Extranets" - more extranet than infranet. These terms require a short study of Wikipedia to get a lukewarm understanding of what you're going to have to get involved with. Confidence is high that lots of your infrastructure folks with any conscience at all will roll their eyes at executive sponsorship wanting to be the first on their block to tout affiliate (extranet) connectivity. First you're going to have to fix all those security waivers, and if your UNIX boxes (mostly UNIX servers drive these health care IT systems) are not compliant with UNIX server best (security) practices and you're still trying to spell security policy, then you are in for some high-cost migration. The metamorphosis of IT and Health Care is a book that needs to be written now that we have a few years (10) behind us. The technologies used in health care since 2000 rival those of the banking and financial information systems in complexity and need for extreme levels of data security.
And although we can take from those lessons learned by the financial communities with regard to data security, we actually are developing an information technology that adheres more to classified environments. There are methodologies out there which can be adapted, but this requires more robust engineering efforts and investment than the health care industry is willing to admit. Until HIPAA gets bigger teeth than it already has and some big player has to settle a high-dollar lawsuit for lack of compliance, executive sponsorship will not spend more than the business risk requires to implement the proper level of security to guarantee a system that will deliver a bulletproof PHI. The sad lesson in all of this is that properly designed secure systems are much more economical, robust, scalable, better performing and the closest to that fleeting notion called the point of equilibrium.
Last Wiki Answer Submitted:  July 9, 2010  8:20 am  by  jzr   280 pts.
All Answer Wiki Contributors:  jzr   280 pts.

Discuss This Question:


Many, if not all, EMR systems are integrating IT technology that includes “affiliate” networks. These are partnerships that team what were once technically called “untrusted” networks together so that they can share patient data. There are complex network configuration pieces that are just out of infancy and that require a complicated integration strategy similar to that of financial and intelligence networks. I often find that this role is shared by about three different players on a network infrastructure team and difficult for business sponsors to get their arms around.
