Protecting Digital Health Information—Where to Start? (Part 1 of 3)
Healthcare provider organizations everywhere are evolving patient health data access and management, making personally identifiable information (PII) more digital, mobile and available. With this move comes a quantum increase in the exposure of individually identifiable information within the enterprise and across the extended value chain. The balancing act is to address the need to be agile and responsive to stakeholders, and therefore more competitive, while managing the risk of compromised security with consistently dwindling budgets.
We ask healthcare leaders, “What could someone do with your health record?” With the black market value of a patient health record at $50, or five times that of other PII, the answer is “a lot.” According to the Third Annual Benchmark Study on Patient Privacy & Data Security (Ponemon Institute, 2012), only four in 10 healthcare organizations feel that they can prevent a data breach. Breaches of PII are increasing, frequently involve millions of records, and make billions of dollars for black marketers. Ponemon asserts that fewer than half of all health providers conduct annual security assessments. Cyber attacks on health provider organizations are increasing and becoming harder to control, with breaches costing healthcare organizations an average of $2.4 million per year (Ponemon, 2012). This comes at a time when U.S. health providers are expecting reductions in topline revenue beginning in 2014, and with them reduced operating budgets with which to combat these security vulnerabilities.
Health providers understand that before they can make a diagnosis they must assess the patient. This applies equally to cyber security in health IT. From there, a health provider can set the plan to manage care with the patient and his or her caregivers. “An ounce of prevention is worth a pound of cure.” Assessing the security of the health enterprise for cyber threats and vulnerabilities can identify issues before they become overwhelming problems. Partnering with a vendor who understands managed security architectures provides a safety net that assures your stakeholders that you are protecting and securing sensitive information.