Oct 3
2013
Healthcare Providers: Are You Providing Enough Data Security?
Guest post by Arron Fu, vice president of software development at UniPrint.
CIOs and IT professionals in healthcare organizations are tasked with achieving a balance between the demand for universal access to information and the need to ensure security. A recent report published by the Ponemon Institute and the Health Information Trust Alliance shows that the healthcare industry continues to struggle with curbing data breaches. According to the report, about 94 percent of the 80 participating healthcare organizations experienced at least one data breach of which they were aware in the past two years. Such breaches cost healthcare entities about $7 billion annually in the US alone.
While there is no shortage of companies that state that they go to great lengths to protect sensitive digital data, it’s rare to find a company that extends security measures to documents once they have been sent to a printer. Within an enterprise network, access to certain digital documents is restricted and limited only to those who are assigned the right to access those documents. But even a simple mistake like collecting the wrong document from a shared printer can also lead to a serious security breach. Why then does the security conversation stop when it comes to printed documents?
Profile of a Healthcare Professional
Healthcare mobility. Historically, healthcare professionals have always been mobile workers. Healthcare personnel rarely stay in one location, as they are often moving from one patient’s room to another, etc. This mobility also extends to the way documents are exchanged between staff, which creates a unique workstyle requirement where medical professionals need secure, location-based access to information at any given time.
Reconciling data and applications. Just as businesses are trying to better manage the large amounts of information within an enterprise to increase profitability, the healthcare industry today generates data that must be tracked and analyzed to improve healthcare delivery. These large amounts of healthcare data are tracked in different applications which are sometimes disjointed, making it difficult to provide a holistic picture of a patient’s health. The challenge of reconciling data along with the high volume of printing and multi-parts printing associated with healthcare records can present a logistical IT headache for medical offices, as well as potential privacy breaches.
Security implications of BYOD. Employees are buying smartphones and tablets in record numbers and in some cases are insisting that they use their personal devices to connect to corporate systems, with or without the IT department’s approval. Healthcare organizations will need to decide whether those mobile devices can be used to access patient health information or used as part of a medical office’s internal systems. Steps must be taken to ensure that data security and patient privacy extend to mobile devices and the internal applications that employees can access.
Going Beyond the Quick Fix
The mobile work styles of medical professionals, privacy regulations and IT trends of today mean that the healthcare industry must enable end-to-end document security while streamlining access to data. Traditionally, when employees have raised concerns over document security, organizations have implemented quick fixes (i.e. by assigning personal printers) and ad hoc solutions, which rarely offer a long-term resolution to the problem.
For a solution that addresses the heart of the problem, healthcare organizations can look at a secure follow-me IT model, which enables anytime, anywhere, any device data access and printing capabilities for medical workers. Security features can be added to ensure the appropriate person is able to pull or release data – whether that’s within a shared database or through a shared printer. The document will not be released until the user requesting the information is present at the printer or computer device.
Additional layers of security can be added through technologies such as PIN, smartcard and Radio Frequency Identification (RFID), which enable single or multiple factor authentication to create a highly secure data access landscape. Any card can be converted into a smart card which when swiped on location will release pending documents only to the authenticated user. While some healthcare offices have implemented an IT environment that enables staff to access their own desktop from any computer terminal using smart cards, this same secure, virtual access is often missing from printers.
For the heavily-regulated healthcare industry, having a tracking and archiving technology in place can help monitor employee IT behavior. Once a data breach occurs, organizations often conduct an investigation on the potential source of the leak. Records of what documents were printed by specific users can help any organizations minimize the amount of resources spent on tracking down the point of data breach, with the added benefit of providing visibility to management on how resources are being utilized.
End-to-end document security should be a prominent part of any healthcare security strategy. This means looking at the security of digital data, as well as printed data. It’s useless to spend time, money and resources protecting electronic documents when neglected printed documents can easily sidestep a healthcare company’s regulatory and security measures. The good news is that simple, reliable and cost-efficient technology is on hand to safeguard these environments, ensuring that sensitive information is as secure on paper, as it is in soft form.