[ Tuesday, June 10, 2014 ]


Guest Blogger:  As you know, I occasionally allow a guest blogger or two to provide different perspectives.  Here's one:

Health IT Lag

by Michael Sculley, VP of Marketing, PracticeSuite

BitSight Technologies, a security rating firm, reports that the healthcare industry needs to learn from the recent data breaches at Target and eBay. The BitSight report, “Will Healthcare Be the Next Retail?”, warrants close attention. It analyzed security incidents and response times across four industries: pharmaceuticals and healthcare (referred to here simply as healthcare), utilities, retail, and finance.

The study covered the year from April 1, 2013 through March 31, 2014. All four sectors experienced security incidents. Finance had the fewest incidents and the fastest response time, about three-and-a-half days. Retail and utilities each responded in about four days. Healthcare had more incidents than the other sectors and came in last in response time, taking a full five days to respond to a security incident.

The financial industry's lead is no accident. That industry takes cybersecurity very seriously and goes beyond what is legally required, taking extra steps to ensure the security of its data. It also readily warns other industries whenever it becomes aware of potential security threats.

Unfortunately, neither healthcare nor pharmaceuticals treats cybersecurity as seriously as it needs to. The issue apparently has not received appropriate attention from senior executives. Both industries need to spend more on security and to compensate their data security professionals better.

Both industries generally comply with HIPAA regulations, but they spend barely enough to meet the requirements. Compliance, however, is not the same as security: an organization can pass a HIPAA audit and still have breaches go undetected for days.

The BitSight report echoes a recent SANS Institute report, which emphasized that the healthcare industry has lagged far behind in cybersecurity and warned that measures need to be taken to reduce risk. Breaches have become frequent enough that the U.S. Department of Health & Human Services (HHS) is imposing heavy fines on health care organizations when a compromised Internet-connected device exposes patient data.

Failing to take proper cybersecurity precautions can be expensive, as New York-Presbyterian Hospital recently discovered. HHS imposed a $3.3 million fine on the hospital, the largest penalty ever imposed in the health care industry over a compromised server.


You can reach Michael at msculley@practicesuite.com. PracticeSuite offers billing, practice management, and other medical software products.

Jeff [3:36 PM]
