Health IT Must Admit It Has a Security Problem
Guest post by Renata Magurdumov, director of marketing, ColoGuard.
If you think about it, your doctor probably knows more about you than many of your friends. Healthcare providers store a ton of sensitive data about their patients: everything from their name to their address and place of employment to their Social Security number. In other words, everything a cyber-criminal would need to steal someone’s identity.
Given how valuable that information could be in the wrong hands, you’d think that healthcare providers would use the most high-tech, modernized infrastructure and the most up-to-date security practices to keep it safe. Unfortunately, you’d be mostly mistaken.
Recently, Premera Blue Cross was the victim of a ‘sophisticated cyberattack’ that compromised the healthcare records of 11 million patients. Before that, the victim was Anthem. Before that, Aventura Hospital and Medical Center.
As a matter of fact, according to a recent Kroll study, healthcare accounted for nearly half of the client breaches that took place in 2014, followed closely by business services and higher education. This was the second year in a row that these three industries accounted for nearly two-thirds of all “client events.” What’s more, only 30 percent of the breaches in healthcare were the direct result of hacking.
That means that the other 70 percent were the result of human error – of negligence, poor security practices or ignorance. For an organization whose collection of data can quite literally ruin lives by falling into the wrong hands, this is unacceptable. And it’s going to get worse before it gets better.
“I believe that healthcare IT systems are fragile and highly vulnerable today,” writes CIO Paddy Padmanabhan. “This, combined with the sophistication of hackers and the rising attractiveness of healthcare data in the black market, makes healthcare a huge target for disruption in 2015.”
The Rocky Relationship Between Healthcare and IT
Part of the problem is that many decision makers in healthcare have a serious attitude problem where technology is concerned. They simply don’t realize how important it is. Healthcare IT is often marginalized and undersold, with CIOs struggling just to keep their departments afloat – if it’s not contracted out to third parties.
“While healthcare costs in the US as a percentage of GDP are the highest in the world, healthcare IT spend as a percentage of revenues is among the lowest across various industry sectors,” continues Padmanabhan. “Healthcare CIOs are constantly challenged to do more with less, and face budget cuts year after year.”
The end result of this is that many hospitals view technology as a hindrance. It’s obtuse, frustrating and poorly implemented – because their IT departments lack the resources to make it anything but. Writing for the New York Times, leading healthcare analyst Robert M. Wachter recounts how a job ad last year listed the absence of digital databases as a plus.
“In today’s digital era,” writes Wachter, “a modern hospital deemed the absence of an electronic medical record system to be a premier selling point. That hospital is not alone.”
“A 2013 RAND survey of physicians found mixed reactions to electronic health record systems, including widespread dissatisfaction,” he continues. “Many respondents cited poor usability, time-consuming data entry, needless alerts and poor workflows.”
Worse still, even those hospitals that have successfully implemented modern IT are fighting an uphill battle to figure out how it all works. They grew so accustomed to the way things were, says Wachter, that they found themselves utterly unprepared for a shift which was, for all intents and purposes, years in the making. They were complacent – and now they’re paying for it.
“Whopping errors and maddening changes in workflow have even led some physicians to argue that we should exhume our three-ring binders and return to a world of pen and paper,” he says. “That argument is utterly unpersuasive. Healthcare, our most information-intensive industry, is plagued by demonstrably spotty quality, millions of errors and backbreaking costs. We will never make fundamental improvements in our system without the thoughtful use of technology.”