
How Many Points of Vulnerability Do You Have in Your Healthcare Organization?

Posted on December 21, 2016 | Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Far too often I hear healthcare CIOs talk about all of the various electronic devices they have in their organization and how this device proliferation has created a really large risk surface that makes their organization vulnerable to breaches and other nefarious actions. This is true to some extent since organizations now have things like:

  • Servers
  • Desktops
  • Mobile Devices
  • Network Devices
  • Internet Access
  • Medical Devices
  • Internet of Things Devices
  • etc

As tech progresses, the number of devices we have in our healthcare organizations is only going to continue to grow. No doubt this can pose a challenge to any Chief Security Officer (CSO). However, I actually think this is the easiest part of a CSO’s job when it comes to making sure a healthcare organization is secure. I think it’s much harder to make sure the people in your organization are acting in a way that doesn’t compromise your organization’s security.

As one hospital CIO told me, “I’m most concerned with the 21,000 security vulnerabilities that existed in my organization. I’m talking about the 21,000 employees.”

Granted, this CIO worked at a very large organization. However, I think he’s right. Creating a security plan for a device is pretty easily accomplished. It will never be perfect, but you can put together a really good, effective plan. People are wild cards. It’s much harder to keep them from doing something that compromises your organization, especially since the hackers have gotten so pernicious and effective in the tactics they use.

At the end of the day, I look at security as similar to child proofing your house when you have a young child. You’ll never make it 100% completely safe, but you can really mitigate most of the issues that could cause harm to your child. The same is true in your approach to securing your healthcare organization. You can never ensure you won’t have any security incidents, but you can mitigate a lot of the really dangerous things. Then, you just have to deal with the times something surprising happens. Now if we would just care as much about keeping our healthcare organizations secure as we do keeping our children safe, then we’d be in a much better place.

Zero Marginal Cost and Healthcare

Posted on I Written By

John Lynn

I stumbled upon an old post from the always insightful and interesting 3G Doctor blog about the concept of ‘Zero Marginal Cost.’ Here’s a great quote they use in the post from Albert Wenger, Managing Partner at Union Square Ventures:

“Why is everyone going online? It turns out there’s a simple answer to that: Kittens. Everyone wants to see Kittens. Well there’s actually something more to this, there’s something serious to this because when I downloaded this image from Flickr there was no noticeable cost to anybody. The marginal cost of creating a copy in the digital world is zero and that is driving all the changes that we’re seeing… …and we’re just at the beginning of this change”

I love the concept of zero (or at least near zero) marginal costs. It’s the premise of so many of the amazing things we experience on the internet. What’s troubling is that healthcare hasn’t embraced the idea of zero marginal costs. At least not in the way that it could.

In healthcare, we still like to talk about how much it’s going to cost a patient to get access to their medical records. There are literally state laws which say how much you can charge. Just writing this after writing about the marginal costs of delivering something electronically makes the concept sound silly. Imagine if your bank charged you per sheet to print out your statements each month. That’s basically what we’re asked to do in healthcare.

We’ve started to see some change in this, but there’s still resistance. There’s a real, palpable feel by many in healthcare that giving free access to all of your patient info could lead to really ugly problems. While there might be a few outlier cases people could identify, I’d argue the opposite. Think about the really ugly problems that occur in healthcare because patients don’t have their health information.

It’s time for healthcare to put down their excuses and embrace the benefits that zero marginal costs of sharing health information can provide. I’m not saying we should do it recklessly. We should be thoughtful in how we do it, but we should do it. It’s no longer a technical or security challenge, it’s just a cultural challenge.