From HIPAA Compliance to HITECH – Reforming Healthcare Security

David Ting
Feb 03, 2012

Khalid Kark of Forrester Research recently issued a useful whitepaper that outlines the security reforms needed to improve patient data security in the healthcare industry. A complimentary copy of the Forrester whitepaper, “Healthcare Security: Ready or not, Here it Comes,” can be downloaded from the Imprivata website.

The whitepaper highlights four key reasons why healthcare organizations are failing behind on security. Khalid provides a comprehensive set of recommendations to help healthcare organizations address these challenges – these are near and dear to what we do here every day. I thought I would share some of the insights gathered from work with our many healthcare customers.

I’ll tackle two of these issues in today’s post, and address the remaining ones in a subsequent posting.

1. Basic security technologies and processes are missing:
Kark correctly states that many CISOs struggle to get management’s attention on security issues and are limited in the resources they have to address the critical security risks they face. Bill McQuaid, CIO for Parkview Adventist Medical Center, recently spoke about how they were able to achieve Stage 6 HIMSS Analytics status, despite their relatively small size. Deploying strong authentication technologies, like fingerprint biometrics, considerably increases clinician productivity, while ensuring that only properly credentialed users have accessing sensitive information. This combination of security along with greater user productivity is sure to gain the attention of any manager.

2. Security spending lags behind other leading industries

As Khalid notes in his whitepaper, higher spending doesn’t necessarily equate to stronger security. What matters is using the dollars and resources you do have wisely. The days of enterprise-wide projects that take years to complete are over. By identifying the immediate areas of risk and implementing projects that yield immediate results, you can protect your organization, while demonstrating a quick ROI – this can come in handy when fighting for more dollars to spend on additional projects.

What are the main obstacles you’re facing in securing your organization? Share your story.
David