
The 4 biggest healthcare IT headaches

To avoid violating regulations, which could result in tens of thousands of dollars (or more) in fines and negative publicity, healthcare providers must ensure that their facilities are in compliance and be constantly on the lookout for security threats.

And “while the governance of information causes headaches for IT leaders across all industries, when it comes to healthcare, the myriad of confidentiality and privacy concerns for CIOs and health information management administrators creates added complexity,” said Ken Mortensen, data protection officer at InterSystems. One slip-up and “IT leaders risk exposing [sensitive] health information, or, even worse, contributing to an unfortunate patient outcome.”

Following are four of the biggest IT issues hospitals and healthcare facilities must deal with and steps they can take to avoid violations and breaches.

HIPAA compliance

In the US, “HIPAA [the Health Insurance Portability and Accountability Act] states that healthcare providers must use ‘appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information,’” said Kate Borten, founder of The Marblehead Group.

“This caveat has become a headache for healthcare IT managers, especially as more healthcare teams are using mobile devices to view sensitive patient data outside the walls of healthcare facilities. This can make it all too [easy] for hackers to view and capture sensitive or confidential patient information for unauthorized use.

“Fortunately, there are a number of ways healthcare teams can reduce the risk of hacking and improve the physical security and privacy of patient information,” she said. Hospitals can install privacy screens or filters, or require that they be applied to all computers and mobile devices, to prevent prying eyes from seeing confidential information. And they can require that all data be encrypted.

“It’s imperative that more healthcare organizations adopt stricter data encryption policies based on PHI disclosures,” said Ken Adamson, vice president of product management at Proficio.

“Encryption should be embedded directly into files [as well as used in email], with set user permissions to control who accesses information. If healthcare organizations don’t use encryption, they run the risk of having to pay hefty fines in the event of a data leak.”

It is also important that any “vendors they work with must be able and willing to enter into HIPAA Business Associate Agreements (BAAs),” says Ryan van Biljon, vice president, mid-market at Samanage.


