IT Matters - Access control strategies to secure health care data

September 06, 2015
Kurt Mueffelmann
From the August 2015 issue of HealthCare Business News magazine
Cyber security threats, and the need to incorporate data access controls into personal and enterprise devices, plague industry worldwide. Community Health Systems, The Home Depot, JP Morgan, Sony and many others have fallen victim to sophisticated attacks that compromise sensitive information. While retail, finance and every industry in between are forced to rethink their approach to security, perhaps health care violations hit most intimately. Health care attacks go beyond just financial impact and the problem is getting worse. Late last year, Gizmodo reported on a study that found hospital hacks are skyrocketing because “hospitals are super easy to hack.” Securing access — at all touch points — to personal health information remains a challenge for health care IT. Whether it’s the precision health movement, managed care, supply chain management, or transitioning to electronic health records, providers can’t seem to find the right solution to secure data and restore patient confidence.

From drug and device makers, to hospitals and providers, to patients and families, the health care supply chain is demanding unique security approaches that disrupt traditional models of network access control, to better mitigate threats.These challenges are quite evident when addressing Health Insurance Portability and Accountability Act (HIPAA) compliance. Headline-making breaches of protected health information tell tales of astronomical numbers of medical records being accessed without permission. Besides Community Health Systems’ loss of 4.5 million patient records, Adventist Health System/Sunbelt, Bon Secours, the South Carolina Department of Health/Human Services and Anthem have also experienced major breaches. In each case, exploiting PHI was relatively easy. Collaboration across the entire value chain can alleviate much of PHI’s risk of exploitation and ensure HIPAA compliance.

Health care payor and provider compliance and risk managers are tasked with ensuring that information stays safe and is handled appropriately. How do they establish, manage and maintain an efficient access management strategy? The first step is to implement health care data policies and compliance strategies. Once you’ve specified the PHI and policies needed to cover it — as well as any other type of sensitive and or/confidential content from structured to unstructured data throughout the organization — dynamic, identity-driven security and compliance solutions provide an answer for protection.

You Must Be Logged In To Post A Comment