Healthcare Informatics: Getting Out of the Compliance Mindset: Doing More with Data Security

At West Virginia University (WVU) Hospitals, the traditional barriers of data protection have always been in place, but for Mark Combs that just wasn’t good enough.

Combs, the organization’s chief information security officer, says the Morgantown-based multi-hospital, nonprofit health system has tried to stay ahead of the game when it comes to use of electronic health records (EHRs) and the subsequent protection of that data. Even before it implemented its current EHR, from the Verona, Wis.-based Epic Systems, it had a physician order entry system from Eclipsys (now part of the Chicago-based Allscripts). Back then, it did manual audits of user activity from various systems to ensure there was no inappropriate access of protected health information (PHI).

For the diverse healthcare organizations that have gotten out of the compliance mindset and taken those extra steps, often, there are outlying reasons. At Riverside Medical Center, a 336-bed hospital in Kankakee, Ill., employing biometric dual-factor authentication, single-sign on technology (from the Lexington, Mass.-based Imprivata) made credentialing seamless and easy for its physicians, who were using several different log-ins for different clinical systems.