Addressing the security risks of healthcare IT

As an IT person working for a hospice company I am constantly attempting to find a harmonious balance between implementing technological advancements and mitigating security risks. In other sectors, IT departments can have something akin to carte blanche when it comes to new technologies and services.

The world of healthcare is often a bit slower to adopt new technology for a multitude of reasons, not the least of which being the heavy amount of regulatory scrutiny that falls on providers. While new technology can lead to increased efficiency in the use of information it also tends to usher in scary new security risks. In the past this has made healthcare IT departments very gun-shy when it comes to advancements in technology regardless of the improvements they may bring in the practical use of information. More often than not these advancements were all but ignored in favor of current, secure, and comfortable systems.

But the times, as Dylan opined four and a half decades ago, they are a-changin’.

We’ve managed to achieve connectivity in ways once thought to be impossible. At any time, day or night, staff members can communicate vital information with one another through email and secure messaging. Critical business information can reach central locations from even the most distant outposts in no time at all. Our most productive computers are no longer tethered to an office desk but instead are being carried in our purses and pockets. We have unlimited communication power at our fingertips. And as every good IT nerd knows, with great power comes great responsibility.

PwC’s Health Research Institute released a report late last year which indicates that healthcare providers are beginning to explore new ways to use patient data. Nearly 75% of those responding said they have either already implemented, or plan to implement, systems which expand the use of patient data beyond the traditional means. That is a staggering number but it is followed in the report by something even more staggering: only 47% have addressed the privacy and security risks associated with that expanded use.

I have no doubt that the majority of the 75% are planning to capitalize on the fresh wave of connected technology in order to find new uses for patient data. While I applaud this step forward it is rather disheartening to see that a scant 47% have even bothered to address security risks. This should be, and must be, a statistic that is improved upon. If 75% of providers responding plan to expand the use of patient data then 100% of them should also be addressing potential security risks. We owe our patients nothing less.

My particular area of expertise does not grant me the privilege of being directly involved with our patients. While this is also true of the majority of healthcare IT professionals it does not excuse us from the responsibility that comes with contributing to overall patient care. The IT decisions we make and the technologies we implement come together to form a significant addition to the level of care our company provides to its patients. It is our duty to handle the privacy and security of our patients with the utmost care. While I believe that healthcare providers would benefit greatly from embracing advancements in technology we have to refrain from playing fast and loose with patient data simply because we want the newest and shiniest.

Someday I will move from being an employee of a healthcare provider to being a patient of one. When that happens, do I want to be with an organization that took the time to consider the privacy of my information or one that didn’t bother? In my opinion that’s a pretty easy choice.

Steve Lorenz is IT Director, Solaris Healthcare.

Submit a guest post and be heard on social media’s leading physician voice.

View 8 Comments >

Most Popular

✓ Join 150,000+ subscribers
✓ Get KevinMD's most popular stories