[ISN] Mitigating cyber risk as healthcare data sharing accelerates

http://healthitsecurity.com/2014/07/30/mitigating-cyber-risk-as-healthcare-data-sharing-accelerates/ By Greg Michaels HealthITSecurity.com July 30, 2014 When it comes to protecting their data, healthcare organizations are increasingly finding themselves caught between the proverbial rock and a hard place. On the one hand, healthcare reform has not only led to organizations generating vast amounts of electronic data, but has also driven the exchange and integration of this information among providers and payers on an unprecedented scale. All of this creation and sharing of electronic health information is aimed at improving patient care, realizing greater efficiencies and lowering overall costs. On the other hand, the million-dollar question—or make that the $5.6 billion question according to the Ponemon Institute’s fourth annual Patient Privacy & Data Security Study—is what happens when a healthcare organization discovers its data has been compromised, whether it be protected health information (PHI), payment card details or personal employee information? Protecting data within the organization and along the supply chain is a major challenge for healthcare entities. Most are already stretched by pressures unique to their industry—i.e., the move from paper to electronic records; the implementation for the ICD-10 code set; Meaningful Use requirements; and the HIPAA Omnibus Rule on privacy protections released last year. Add in issues commonly experienced by most businesses today—e.g., lean staffing, financial stresses—and it’s easy to see how healthcare organizations can find it difficult to dedicate the time to develop an effective information security program and proactively assess and mitigate risks. […]