
Wanted: Super sleuths to find healthcare data security risks

To secure patient data in a world on the go, learn from breaches others have experienced, experts say, and look at how analytics can boost your security strategy.

Health IT could sure use a modern version of Sherlock Holmes. So many of the efforts behind guarding protected health information (PHI) and other sensitive patient data involve tracking cybercriminals' paths rather than stopping them with firewalls and encryption.

SearchHealthIT's latest handbook -- Healthcare Data Security Challenges in a Mobile World -- looks at current trends for guarding PHI. We learned earlier this year from a TechTarget survey that security topped the list of IT spending in hospitals. The results showed that 61% of respondents planned to invest in mobile security this year, for example.

In the case of healthcare data security, it's all perhaps best summed up by this quote from Ed Grogan, vice president and CIO at Calvert Health System Inc., in Prince Frederick, Md.


"There's amazing concern that with mobile apps and mobile devices [and] Internet of Things that there's less of a focus on quality control and information security development," said Grogan, whose thoughts feature prominently in reporter Kristen Lee's handbook story about learning from past data threats.

Liabilities in healthcare data security

Lee brings up an age-old concept: Keep an eye on the weakest link in security measures, including third-party vendors.


Artificial intelligence and data analytics may help organizations track down weak links and breaches of a system, as columnist Reda Chouffani discusses in his piece. These two technologies monitor for signs of an attack, such as multiple failed password attempts or large amounts of data suddenly being transferred.

At the same time, IT professionals need the skills to decipher these clues, a notion that is not far off from the dilemma of all big data -- namely, how to interpret such information so that one can take useful actions from it.

HIPAA protections for wearables

In the handbook's final article, Lee returns with an interesting look at how HIPAA -- the healthcare law that governs access to medical records -- intersects with wearable devices that monitor health, such as Fitbits.

Generally, HIPAA regulates wearable devices only if a covered entity (i.e., a physician) prescribes such a device for a patient's use. But gray areas always persist with HIPAA coverage: As interoperability expands among EHRs, it's possible that individuals may be able to directly access their medical records through a wearable gadget someday. Hand in hand with that future world will be the need to safeguard who has access to the device.

As medical data and mobile health increase in prominence, technology serves as a virtual magnifying glass for IT team members who -- just like Sherlock Holmes -- are sleuths stopping cybercrime.  

What healthcare data security trends have caught your eye? Let me know by email at [email protected] or on Twitter: @Scott_HighTech.
