Healthcare IT: Addressing Challenges of Information Security

Healthcare IT HIPAA EHR Management SupportInformation Security: What’s It Mean for Healthcare IT ?

The pervasive use of Electronic Health Records (EHR) has made sharing patient information significantly easier. While this has dramatically improved the quality of patient care, how secure is your confidential patient information?


Information Security in Health Care

The goal of EHR is to collate information for better patient care and encourage smarter spending. But what happens when patients are wary of the accuracy and confidentiality of their EHR? They may refuse to divulge information crucial to getting proper medical care.

Security Breach Risks

Ideally, healthcare IT should be an invulnerable fortress. But is it really? Let’s take a look at the weak spots that need improved fortification.

Endpoint Encryption

According to this Forrester report, several healthcare organizations get by on a miserly security budget, and only 43 percent of healthcare firms have a comprehensive data security budget. As a result, securing endpoint data does not get the priority it should. Very few healthcare organizations use file-level or full-disk encryption.


Progressive technology is a breeding ground for sophisticated hackers. Hackers are more interested in financial fraud and identity-theft-related data, such as a patient’s social security number, than health-related information. In fact, recent months have seen a 600 percent increase of such attacks.

Healthcare Workers

Healthcare workers’ passwords are often the first breach in the battlefront of patient information security. For example, sometimes they forget to log out of their work station. Such mistakes lead to about 25 percent of security breaches, including identity theft and access to patient information records. Unless employees are given adequate security training, all security revamps will only be wasted effort.

Bring Your Own Device (BYOD)

BYOD permits healthcare employees to access work data via their personal devices. This trend adds a whole new dimension to patient health information security. Without an inclusive, operable and strictly followed security system in place, BYOD is the equivalent of encouraging a jewel thief to gate crash a celebrity wedding.

Business Associates (BA)

Most external threats to patient information security are due to the carelessness of BAs who have access to such information. They are the cause of about 20 percent of recent security breaches.

The Technology-Expertise Gap

Often, even if healthcare organizations have the budget to implement the right technology to detect pitfalls, the security technology remains unexploited because most in the organization are not trained and equipped to implement it.

The key to countering security threats, whether external or internal, is awareness and training. Training should be an ongoing process in order to address changes in technology and new threat sources.

Comments are closed.


San Francisco Office
315 Montgomery St., 9th Fl
San Francisco, CA 94104

P 415-759-8500

Concord Office
1800 Sutter St., Ste 680
Concord, CA 94520

P 925-459-8500