Skip to content Skip to navigation

New Report Address a Range of Health IT Security Issues in the Context of Rising Cybercrime

April 28, 2014
by Mark Hagland
| Reprints
A new research report sponsored by iHT2 looks at numerous issues around health IT security in the wake of cybercrime

According to a new research report sponsored by the Institute for Health Technology Transformation (iHT2), “Cyber criminals are increasingly targeting the healthcare industry, because medical identity theft is more lucrative than the theft of personal identification information alone. Meanwhile,” the report notes, “healthcare systems are increasingly vulnerable to attack as electronic health records spread, and as the use of web portals for information exchange with patients and providers becomes more common.

“Healthcare Security: 10 Steps to Maintaining Data Privacy in a Changing Mobile World,” was written by a collaborative group of patient care organization and vendor executives. On the patient care organization side, the authors were James Dzierzanowski, information security officer at the San Francisco-based Dignity Health, and Howard E. Halle, chief information security officer at SCL Health System (Broomfield, Colo.). On the vendor side, Chris Brooks, SVP of technology at WebMD Health Services, and Sam Curry, CTO at the Naperville, Ill.-based RSA Medical, contributed. The report can be accessed here.

Among the “best practices for security in healthcare” that the authors cite are Halle’s reporting that SCL Health System “has a policy that advises users to keep devices with them at all times, but they still leave [devices in their cars and they get] stolen… Policy is not a security control,” Halle emphasizes, and the report goes on to say that “The important thing is to make sure that any patient data on the device is encrypted.” He further notes that, “In any organization, you have to balance security with operations. It isn’t security driving operations; operations drive security, and security should be able to live in harmony with those operations.”

The report goes on to address issues around, among other elements, the integrity of information residing within hospital, medical group, and health system information networks; the relative value of antivirus software; issues around single sign-on strategies, and around mobile device management.

Since December 2013, the Institute for Health Technology Transformation (iHT2) has been in partnership with Healthcare Informatics, through its parent company, the Vendome Group LLC.





EHNAC and HITRUST Combine HIPAA Security Criteria, CSF Framework

The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) announced plans to streamline their accreditation and certification programs.

Halamka on MACRA Final Rule: “CMS is Listening and I Thank Them”

Health IT notable expert John Halamka, M.D., CIO of Beth Israel Deaconess Medical Center in Boston, recently weighed in on the Medicare Access and CHIP Reauthorization Act (MACRA) final rule.

Texas Patient Care Clinic Hit with Ransomware Attack

Grand Prairie, Texas-based Rainbow Children's Clinic was the victim of a ransomware attack on its IT systems in August, affecting more than 33,000 patients, according to multiple news media reports this week.

Healthcare Organizations Again Go to Bat for AHRQ

Healthcare organizations are once again urging U.S. Senate and House leaders to protect the Department of Health and Human Services’ Agency for Healthcare Research and Quality (AHRQ) from more budget cuts for 2017.

ONC Pilot Projects Focus on Using, Sharing Patient-Generated Health Data

Accenture Federal Services (AFS) has announced two pilot demonstrations with the Office of the National Coordinator for Health Information Technology (ONC) to determine how patient-generated health data can be used by care teams and researchers.

Is it Unethical to Identify Patients as “Frequent Flyers” in Health IT Systems?

Several researchers from the University of Pennsylvania addressed the ethics of behavioral health IT as it relates to “frequent flyer” icons and the potential for implicit bias in an article published in JAMA.