Electronic records mandates expose HIPAA security holes

Electronic records mandates expose HIPAA security holes

With healthcare providers being forced to switch from paper to electronic documents under new legislation, a glaring security gap has become obvious and has providers scrambling to ensure HIPAA compliance.

A recent article in HealthITSecurity points out the quandary facing providers as they strive to meet the mandated changes in a timely fashion. In efforts to provide optimum patient protection, the New Jersey healthcare system, a big and growing non-profit, has begun to think, "outside the box," to protect in and out-patient data and information. Atlantic Health System Vice President and CIO Linda Reed, said, "we've been doing information security risk assessments since 2004 – third-party, outside – that includes penetration testing and all kinds of things." The New Jersey system has also begun operation of a communication tool it says is a secure, clinical discipline to work in conjunction with it's system sign-in and desktop operations. "We've had something called mobile rounding in place for a long time and the physicians got used to it, but what happened is that you had to have a piece of software on your device and it didn't let them to talk to each other," Reed explained. Company security personnel quickly realized the need to secure that mode of communication.

With many providers looking for a way to tighten their security and stay in compliance with privacy doctrines, a number of new and proprietary technologies are surfacing that take protection to the next level. Fingerprint and retina scans are part of the biometric security options that have become available in recent months. Fingerprint scans are non-duplicable and enable a provider's security team to identify and control personnel movements in the secured area. A recent article in the security publication, Bioelectronix.com, explains how fingerprint scanning works and showcases the "clean" and simple operation techniques.

In Savannah, Georgia, David Orischak is the CEO of Digitus Biometrics, designer of a cutting-edge security technology, and he says providers really need to target their server cabinets and continuously monitor their data center security to ensure optimum safety. Orischak adds that healthcare providers need to be diligent when protecting their patients' and staffers information. "In the data center security market today, given the value of stolen records – which is at an all time high – we have put a real monetary value on the information that resides in data centers."

Orischak hopes his new technology will prompt healthcare providers to ensure that patient and staff information is safe and getting the attention and protection to stay within the HIPAA regulations as they make the change from paper to electronic documents.

Posted by

Comments are closed.