Archive for May, 2012
What We’re Reading, Week of 5/21
Posted: May 25, 2012 in HighlightsTags: IPv6, mobile, remote access
The State of Healthcare Security Breaches
Posted: May 23, 2012 in HIPAA, Industry Commentary, IT policy, MobileTags: mhealth, mobile, mobile health, Mobile Security
By Sylvia Rosen
Security breaches in are, no doubt, terrible for business owners. But when dealing with the healthcare sector, these breaches intensify in their potential for causing humiliating, or potentially, dangerous ramifications.
In 2010, 42,275 people were affected by stolen, paper healthcare records, encouraging hospitals to make the switch to electronic health records. Still, industry experts say that electronic health records are still at risk from security breaches if they aren’t handled with care. Kroll Advisory Solutions found that the frequency of healthcare data breaches has increased steadily over the past six years, and the main cause is a lack of training and awareness among staff.
“Human error by employees was a major factor in health breaches, according to respondents [in the 2012 Kroll/HIMSS Analytics Report]. Of the respondents, 79% said security breaches were initiated by an employee, and 56% said breaches occurred because employees had unauthorized access to information.” – Brian T. Horowitz, health writer at eWeek.
“Any server or other data warehouse with patient health information must be securely protected. The expanded use of mobile devices offers new operational efficiencies and increased vulnerabilities. Security steps for mobile devices should be included in the action plans so that guidelines are set.” – Lisa Gallagher, senior directory of privacy and security for HIMSS.
“Another significant takeaway [from the 2012 Kroll/HIMSS Analytics Report] is that mobile devices might be great for giving clinicians information at the point of care – but they’re not so good at keeping PHI safe. Nearly a third (31%) of respondents indicated that information available on a portable device was among the factors most likely to cause a breach (up from 2% in 2010 and 4% in 2008).” – Mike Millard, managing editor at Healthcare IT News.
“As healthcare organizations turn to sources like the cloud and like remote computing, one of the things I think that every healthcare organization should do is to look across its suite of applications, is for those they are not hosting, that are not running on a remote server, that are running in the cloud if you will. They should be asking the questions like, what logs are there, what security features are there, what record keeping is turned on? As we move toward portability of electronic medical records, as we move toward new and evolving systems of payment, you can be certain that the risk factors are going to change. So, I think the key is continual vigilance; you can never get to the point of saying it’s good enough. Because the best you can is say it is good enough right now, today, under the circumstances in which we find ourselves.” – Alan Brill, senior managing director at Kroll Inc.
Security breaches in the healthcare industry might be inevitable. But with employee training, awareness and advanced data encryption on devices, healthcare professionals stand a better chance at preventing their patients from turning into victims.
Sylvia Rosen is an online writer who writes on a variety of security topics, trends and tools such as document management systems.
Readers’ Poll – Remote Access VPN Solutions
Posted: May 18, 2012 in Readers' PollTags: enterprise security, IPsec, remote access, remote desktop, SSL, VPN
Making Mobile Health Possible, Part 2
Posted: May 17, 2012 in HIPAA, Mobile, Rethink Remote AccessTags: healthcare, IT security, mobile, mobile devices, mobile health, Mobile Security
Earlier this week, we explored the innumerable medical breakthroughs that could stem from mobile health innovations. Today, let’s consider the security considerations to enable this.
Security Must Be Paramount
Yet, considering how sensitive and valuable medical information is, proper precautions must be taken to secure this data before mobile health can become mainstream. For instance, if hackers or disloyal employees scan or manipulate health data that is sent via mobile applications, the consequences can range from embarrassment to, frankly, death. It’s easy to understand why ensuring these connections are secure is absolutely critical.
Mobile health, however, requires special VPN functionality. For instance, it requires both extremely high security and flexibility. After all, a healthcare application might use a potentially insecure public Wi-Fi network to communicate with the IT system of a hospital or a medical office. In order to maintain security in such a scenario, the VPN client must be able to automatically adapt to these security settings.
The same requirements apply to smartphones and tablets used by nurses in elderly or outpatient care. Such solutions relay patient information—from homes or hospitals—onto the central database, typically via a VPN connection. And so again, the VPN connection must be able to flexibly adapt to various network connections, given some of amount of unpredictability of the locations. Also, considering that many healthcare workers are not trained in technology, the VPNs must be easy to use, so convenience is not traded for security.
There’s no doubt mobile health offers innumerable opportunities to lower the cost of healthcare and infinitely improve efficiencies and convenience. The question is, can we ensure that this is done securely?
What’s Trending on Mobile Security?
Posted: May 30, 2012 in Industry Commentary, MobileTags: mobile, mobile devices, mobile health, Mobile Security
As we’ve see over the last several years, mobile security continues to dominate the headlines and trade show chatter. So how is the conversation around mobile security taking shape, so far, in 2012– what’s new and what can expect? Here’s a round-up of what top security experts and thinkers are predicting.
Share this: