The health industry continues to be plagued by one threat that accounts for most of the security breaches of the recent past: the loss or theft of unencrypted devices. Updates to the federal tally of health information breaches show that lost or stolen unencrypted computing devices remain an ongoing problem, with at least eight of the 10 incidents added to the tally during the past month stemming from lost or stolen unencrypted devices.
Since September 2009, when federal regulators began tracking major health information breaches, nearly 54 percent of the reported incidents have involved the loss or theft of unencrypted devices or storage media. Despite regulations that treat encryption as the expected safeguard for protected health information (and a breach notification rule that exempts data encrypted to federal guidance from being counted as a reportable breach), many organizations have yet to take encryption seriously. Devices holding patient health information remain unencrypted because of misperceptions about the cost of encryption and its impact on system performance. In most cases the theft or loss of a device also traces back to employee negligence or carelessness and a lack of awareness of the security risks. While federal authorities continue to enforce HIPAA regulations with large penalties and strict action, healthcare entities have to take the necessary steps to protect patient data themselves.
The encryption provisions in Stage 2 of the HITECH Act EHR incentive program are expected to reduce the likelihood of such breaches, since they call for automated encryption of data stored on end users' devices.
At present, however, the crux of the problem seems to lie in misconceptions about encryption. Charles Christian, CIO of Good Samaritan Hospital in Evansville, Ind., is of the opinion that breaches involving unencrypted devices are common partly because healthcare providers with limited resources are hesitant to invest in encryption, believing it to be highly expensive.
Many healthcare entities also believe that encryption will degrade the performance of their systems. Dixie Baker, a member of the HIT Policy Committee's Privacy and Security Tiger Team, which advises regulators, stresses that the latest encryption technology no longer affects the performance of computing devices and that, after the initial encryption, no difference in system performance will be felt. The one-time cost is the initial pass that encrypts the existing contents of a disk; once that completes, encryption and decryption happen transparently as data is read and written.
A simpler alternative for organizations is to adopt a comprehensive solution such as SecureGRC, which can take care of encryption requirements and also help secure an organization's data more broadly by conducting periodic risk assessments, managing access to sensitive data, and reducing exposure to other security threats.