Let’s Make Data Protection an Industry-Wide New Year’s Resolution

January 4, 2013

Happy New Year! I hope everyone had a great holiday and got to spend some time with their families.

With the dawn of a new year, resolutions become the trend du jour for about two weeks before everyone finds something else to focus on. It’s great to have resolutions; I’ve had many in my life, most of which inevitably end up getting ignored.

For those in the healthcare industry, there are countless things that could be filed under, “New Year’s resolution.” Just last week, I posted a podcast interview with Jason Fortin, senior advisor at Impact Advisors, on what providers’ resolutions should be when it comes to Stage 2 of meaningful use. If you’re a CIO at a hospital or health system that is attesting to meaningful use, I highly recommend it.

Yet, I think there is a more important “resolution” out there for CIOs and other IT leaders at hospitals, if that seems possible. It involves data security.

There is a huge problem in healthcare in relation to data security. A month or so ago, the Ponemon Institute reported 94 percent of healthcare organizations have suffered at least one data breach, while an astounding 45 percent of organizations have experienced more than five data breaches during the past two years. That wasn’t the only study last year that reported the obvious: this is a serious issue in the industry.

I saw a quote in an article in The Washington Post this week that really opened my eyes. It was from Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University. Rubin said, “I have never seen an industry with more gaping security holes.”

That is as damning a statement as I’ve read. Maybe it’s accurate, or maybe it’s an exaggeration. Either way, no one can argue that the healthcare industry needs to wake up and do better.

That article was about the flaws in various EMR software solutions. While hacking is clearly a growing problem, as evidenced by stories like what happened to the Surgeons of Lake County, Libertyville, Ill., much of what is going on is through carelessness, according to Michael ‘Mac’ McMillan, chair of the HIMSS Privacy & Policy Task Force, and co-founder and CEO of CynergisTek Inc., a health information security and regulatory compliance firm located in Austin, Texas. As in, this is an issue that can easily be avoided.

This simply can’t go on. No organization, with hundreds or thousands of workers, will ever be perfect. But these organizations, and we’re talking big and small, need to improve.

If there’s a silver lining, it’s what Larry Ponemon, head of the Ponemon Institute, told me in a podcast recently. He said the increasing number of reported breaches is actually a sign of progress. Since the institute started tracking data, he says, the number of breaches has gone up because organizations are actually reporting them (thanks in part to the government).

“When we started tracking this in 2010, it was clear lots of breaches weren’t noticed, they weren’t recorded,” Ponemon says. “The fact we have more data breaches could mean we’re better at detecting data breaches.”

Let’s hope that in 2013, organizations are not only better at detecting them, but better at preventing them as well.

Please feel free to respond in the comment section below or on Twitter by following me at @HCI_GPerna.