The medical industry faces increased challenges over the next few years regarding health care data security. Since so much of the information about patients and health delivery systems is linked between computers and available to many hospitals, the potential for data leakage is ever-present.
Importance of Health Care Data Security
According to the Health Insurance Portability and Accountability Act (HIPAA), hospitals and clinics around the United States have to take certain actions for the security of data and information about patients. At the same time, a major effort to share patients' records between caregivers has created a giant database of nearly every Americans medical record. While the increased access is beneficial to doctor-patient interaction, it also opens up a number of security concerns that cannot be fully addressed with present-day technology. Health care data security continues to be a major issue within the industry.
Above right: VA Medical Record. (Supplied by the US Department of Veterans Affairs; Public Domain; http://upload.wikimedia.org/wikipedia/en/8/8f/VistA_Img.png)
Data leakage is one of the biggest challenges to the health care industry in the 21st century. Security organizations point to the portability of information as a primary concern. Medical professionals risk the theft of data through a variety of means, most notably the loss of a laptop or movement of information using removable data storage devices like flash drives. In recent years, much of this technology has become highly disposable and also targeted for theft. This means that any information on these devices can wind up in the hands of non-approved individuals or organizations.
Social Networking Sites
As the use of social networking sites in the workplace continues to rise, there is an increased concern of the safety of data on computers in the health care industry. According to Health First, a heath care security company, these sites present a major problem in terms of accessibility from third-party sources onto sensitive computer networks.
The major problem facing security officials that would like an all-out ban on these sites, is the fact that their relevance to society continues to make them a major asset to all levels of health care organizations. Usage by certain personnel can be banned, however, a strong case for other departments can be made. For example, the human resources departments at many hospitals and clinics advocate the use of sites such as Linked In to check the status and work history of potential employees. The marketing departments of the industry utilize Facebook in strategies to generate more interest in a particular health objective or policy. Additionally, the infrastructure of the business in general has benefited from Twitter, informing potential clients or investors of status updates and important news.
Without a concrete strategy to combat the potential influx of unsecured operations from these social networking sites, health care data security continues to be a primary concern.
Potential Measures to Improve Security
A number of different methods can be used to help with health care data security. Among the most prominent is simple web filtering. This allows security within a clinic or hospital the ability to prevent access to certain websites that may pose a possible threat to the computer. Whitelisting is also used. This is a method by which only certain individuals or departments have access to sensitive information. While disk encryption can be used, putting a password or other security measures on the entire hard drive. As computers and the internet become ever more important to the delivery of health care, threats to security will also rise.
SC Magazine: http://www.scmagazineus.com/rsa-conference-health-care-information-security-pros-discuss-data-security/article/165040/