by
Lauren Dubinsky, Senior Reporter | April 23, 2015
From the April 2015 issue of HealthCare Business News magazine
In addition to that, we utilize advanced ‘break the glass’ technology. If an authorized care provider accesses a patient’s record but that individual is not part of the care team for that patient, the system will ask for documentation of the reason for needing to access that information. All such access instances are logged and monitored.
HCBN: What advice would you give to a hospital on how to avoid a data breach?
James Whitfill: The question about preventing a data security breach is one that can fill a week-long seminar and still not cover the topic adequately. Every major industry has been unable to protect against these breaches and the value of stolen health care identity information is increasing on the dark web. When Target, Anthem, and the U.S. government are unable to prevent these kinds of breaches, I think the warning flags are rising that we need a paradigm shift in how we approach this issue because even the best traditional approaches are failing. There is no silver bullet, but the future of our ability to manage data as a society is at risk here.
Lisa Gallagher, vice president of technology solutions at HIMSS:
With regard to security, the focus for hospitals, as well as the industry as a whole, needs to move from a compliance regime to a focus on cybersecurity. This means full, ongoing, and in-depth risk assessment.
I stress ongoing.
So, organizations need to get to the next level of sophistication and expertise in their analysis — monitoring available threat and vulnerability information, sharing information with their peers in a meaningful way, focusing on utilizing detection tools and full forensic analysis. This includes completing the risk analysis cycle, if you will, by doing post analysis on any breach or even suspicious network activity, and using post analysis to understand the threat actors and their motivations.
This will take a concerted and focused effort in the industry and also a partnership with government agencies and departments to utilize their resources, such as threat data, and their law enforcement assets. This really is a call to action for a whole new paradigm.
HCBN: Have you deployed any bring your own device (BYOD) strategies at your hospital to maintain patient privacy and avoid potential data breaches?
Edward Babakanian: My strategy is to saturate the organization with all the technology that is needed so physicians and nurses do not feel like they have to resort to using their own devices. We give them tablets, iPhones and everything else they need to carry out their business.
