
Despite Abundance of Threats, Few Providers Take Serious Steps To Protect Their Data

Posted on July 27, 2017 | Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

I scarcely need to remind readers of the immensity of the threats to healthcare data security out there. Not only is healthcare data an attractive target for cybercriminals, the aforementioned keep coming up with new ways to torture security pros (the particularly evil ransomware comes to mind).

Unfortunately, healthcare organizations are also notorious for spending too little on data security. Apparently, this also extends to spending money on information security governance or risk management, according to a new study.

The study is sponsored by Netwrix Corp., which sells a visibility platform for data security and risk mitigation in hybrid environments. (In other words, the following stats are interesting, but keep your bias alert on.)

Researchers found that 95% of responding healthcare organizations don’t use software for information security governance or risk management and that just 31% of respondents said they were well prepared to address IT risks. Still, despite the prevalence of cybersecurity threats, 68% don’t have any staffers in place specifically to address them.

What’s the source of key IT healthcare security threats? Fifty-nine percent of healthcare organizations said they were struggling with malware, and 47% of providers said they’d faced security incidents caused by human error. Fifty-six percent of healthcare organizations saw employees as the biggest threat to system availability and security.

To tackle these problems, 56% of healthcare organizations said they plan to invest in security solutions to protect their data. Unfortunately, though, the majority said they lacked the budget (75%), time (75%) and senior management buy-in (44%) needed to improve their handling of such risks.

So it goes with healthcare security. Most of the industry seems willing to stash security spending needs under a rock until some major headline-grabbing incident happens. Then, it’s all with the apologies and the hand-wringing and the promise to do much better. My guess is that a good number of these organizations don’t do much to learn from their mistakes, and instead throw some jerry-rigged patch in place that’s vulnerable to a new attack with new characteristics.

That being said, the study makes the important point that employees directly or indirectly cause many IT security problems. My sense is that the percent of employees actually packaging data or accessing it for malicious purposes is relatively small, but that major problems created by an “oops” are pretty common.

Perhaps the fact that employees are the source of many IT incidents is actually a hopeful trend. Even if an IT department doesn’t have the resources to invest in security experts or new technology, it can spearhead efforts to treat employees better on security issues. Virtually every employee that doesn’t specialize in IT could probably use a brush up on proper security hygiene, anyway. And retraining employees doesn’t call for a lot of funding or major C-suite buy-in.

The Importance of Information Governance in Healthcare – Where Should We Start?

Posted on July 14, 2015 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

As more and more health data is being captured by health organizations, health information governance is becoming an extremely important topic. In order to better understand what’s happening with health information governance, I sat down with Rita Bowen, Senior Vice President of HIM and Privacy Officer at HealthPort, to talk about the topic. We shot these videos as one long video, but then chopped them up into shorter versions so you could more easily watch the ones that interest you most. You can find 3 of the videos below and 2 more over on Hospital EMR and EHR.

The State of Information Governance

What’s HIM’s Role in Health Information Governance?

Where Should We Start with Information Governance?

Defining the Legal Health Record, Ensuring Quality Health Data, and Managing a Part-Paper Part-Electronic Record – Healthcare Information Governance

Posted on January 20, 2015 | Written By John Lynn

This post is part of Iron Mountain’s Healthcare Information Governance: Big Picture Predictions and Perspectives Series which looks at the key trends impacting Healthcare Information Governance. Be sure to check out all the entries in this series.

Healthcare information governance (IG) has been important ever since doctors started tracking their patients in paper charts. However, over the past few years, adoption of EHR and other healthcare IT systems has exploded and provided a myriad of new opportunities and challenges associated with governance of a healthcare organization’s information.

Three of the most important health information governance challenges are:
1. Defining the legal health record
2. Ensuring quality health data
3. Managing a part-paper, part-electronic record

Defining the Legal Health Record
In the paper chart world, defining the legal health record was much easier. As we’ve shifted to an electronic world, the volume of data that’s stored in these electronic systems is so much greater. This has created a major need to define what your organization considers the legal health record.

The reality is that each organization now has to define its own legal health record based on CMS and accreditation guidelines, but also based on the specifics of their operation (state laws, EHR options, number of health IT systems, etc). The legal health record will only be a subset of the data that’s being stored by an EHR or other IT system and you’ll need to involve a wide group of people from your organization to define the legal health record.

Doing so is going to become increasingly important. Without a clearly defined legal health record, you’re going to produce an inconsistent release of information. This can lead to major liability issues in court cases where you produce inconsistent records, but it’s also important to be consistent when releasing health information to other doctors or even auditors.

One challenge we face in this regard is ensuring that EHR vendors provide a consistent and usable data output. A lot of thought has been put into how data is inputted into the EHR, but not nearly as much effort has been put into the way an EHR outputs that data. This is a major health information governance challenge that needs to be addressed. Similarly, most EHR vendors haven’t put much thought and effort into data retention either. Retention policies are an important part of defining your legal health record, but your policy is subject to the capabilities of the EHR.

Working with your EHR and other healthcare IT vendors to ensure they can produce a consistent legal health record is one strategic imperative that every healthcare organization should have on their list.

Ensuring Quality Health Data
The future of healthcare is very much going to be data driven. Payments to ACO organizations are going to depend on data. The quality of care you provide using Clinical Decision Support (CDS) systems is going to rely on the quality of data being used. Organizations are going to have new liability concerns that revolve around their organization’s data quality. Real time data interoperability is going to become a reality and everyone’s going to see everyone else’s data without a middleman first checking and verifying the quality of the data before it’s sent.

A great health information governance program led by a clinical documentation improvement (CDI) program is going to be a key first step for every organization. Quality data doesn’t happen overnight, but requires a concerted effort over time. Organizations need to start now if they want to be successful in the coming data-driven healthcare world.

Managing a Part-Paper Part-Electronic Record
The health information world is becoming infinitely more complex. Not only do you have new electronic systems that store massive amounts of data, but we’re still required to maintain legacy systems and those old paper charts. Each of these requires time and attention to manage properly.

While we’d all love to just turn off legacy systems and dispose of old paper charts, data retention laws often mean that both of these will be part of every healthcare organization for many years to come. Unfortunately, most health IT project plans don’t account for ongoing management of these old but important data sources. This inattention often results in increased costs and risks associated with these legacy systems and paper charts.

It should be strategically important for every organization to have a sound governance plan for both legacy IT systems and paper charts. Ignorance is not bliss when one of these information sources is breached because your organization had “forgotten” about them.

The future of reimbursement, costs, quality of care, and liability in healthcare are all going to be linked to an organization’s data. Making sure your data governance house is in order is going to be a major component in the success or failure of your organization. A good place to start is defining the legal health record, ensuring quality health data, and managing a part-paper part-electronic record.

Join our Twitter Chat: “Healthcare IG Predictions & Perspectives”

On January 28th at 12:00 pm Eastern, @IronMtnHealth is hosting a Twitter chat using #InfoTalk to further the dialog. If you have been involved in governance-related projects, we’d love to have you join. What IG initiatives have shown success for you? How have you overcome any obstacles? What do you see as the future of IG? Keep the conversation going during our “Healthcare IG Predictions & Perspectives” #InfoTalk at 12pm Eastern on January 28th.