Monday, December 2, 2013

Healthcare Information Security - Get a Good Grip

Published by Pradip Sengupta, CEO of IPS Technology Services

As healthcare technology matures over the next few years, information security has been identified as one of the key success factors for Electronic Healthcare Record (EHR) implementation. Once all associated healthcare technology (EHR, Practice Management, ePrescribe, CPOE, etc.) is established, information will be exchanged over the Internet and other media such as flash drives, laptops, and PDAs, raising concerns about security. This is why it is important to understand how information security will impact a provider’s business.

So, what is the significance of information security in healthcare? Since healthcare requires a wide range of information, comprising personal health, finance, credit card, medicines taken, diseases, habits, treatment, patient-doctor information, etc., the chances of exploitation are very high. The criticality of information exchange and privacy in the healthcare industry is an order of magnitude higher than in other industries, as third parties could use the information for personal gain, discrimination, lawsuits, and credit approval, to name the first few that come to mind.

In order to conduct business, a physician’s practice should consider the following important factors regarding information security.

Processes – which processes are critical, where private and personal information is exchanged among parties, including internal departments and employees? Do you have security policies and procedures in place?
Internet – if you are using a hosted solution for EHR or other tools, is there a security policy implemented? Are you reviewing security audit reports on a regular basis to monitor breaches?
Tools – are the tools used by the practice certified by CMA, NIST, or other organizations and compliant with required industry standards?
Devices – do you have security tools in place to protect PDAs, laptops, desktops, and flash drives, so that information can’t be copied and change hands?
Security standards – are your hardware, software, and enterprise architecture, as well as configuration, compliant with HIPAA standards?
Information Breach – do you have a process to report any information breach and/or compromise of security to the government?
People – do you have a comprehensive understanding of who in your organization is handling what information? Do you know how information is changing hands?

While the above list may look daunting and create an impression that it can’t be achieved or that it will overburden the practice … it is achievable. The good news is that there are plenty of affordable solutions in each category to ease the pain of security implementation. Additionally, there are many client success stories and case studies where appropriate tools are used by providers, clinicians, and physicians’ practices to get significant benefits.

The key thing for a physician’s practice is to understand all people, processes, tools, and standards and develop a comprehensive security strategy for the organization. A strategy needs to be followed by a well-founded plan, and the progress must be monitored. It will not only mitigate security risks and avoid penalties, it will also make the process more efficient and the practice more profitable.
To know more about Healthcare IT implementation best practices, feel free to call IPS Technology Services at 248-835-9895 or go to

No portion of this article will be copied or reproduced without written permission from IPS Technology Services.
Content of this blog is IPS Technology Services Confidential; All rights reserved.