With new healthcare data breaches being reported on a weekly basis, it might seem that organizations in the industry are struggling with their health data security. However, not all industry experts are entirely pessimistic. By implementing strong administrative and technical safeguards, healthcare facilities can work to properly detect and prevent security issues.
That, at least, is the mindset of Lee Kim, Director of Privacy and Security for the Healthcare Information and Management Systems Society (HIMSS). Kim discussed the current outlook for the healthcare industry with HealthITSecurity.com, and said that a combination of prevention and detection will go a long way.
The risks that healthcare providers face are different now because they are opening up to the electronic world, Kim explained. There are new dangers through the Internet or network environments. Moreover, electronic health information could potentially be accessed by a cyber attacker who breaks in remotely.
“Whatever you can’t prevent you really need to defend and contain as early as possible to make sure breaches are prevented,” Kim said. “And if you can’t prevent them, make sure they are as small as possible with few damaging results in effect.”
According to Kim, healthcare organizations really need to take a two-pronged approach to strong health data security. The first aspect is prevention. Healthcare providers and other players in the healthcare ecosystem really need to address the known vulnerabilities, she said.
“We need to do better by upgrading software and applying patches,” Kim explained, saying that was a good approach to remediate or mitigate certain situations.
“We shouldn’t have systems that, for example, have known vulnerabilities that have been known for 10 years,” she said. “By being proactive we can prevent that breach and we can prevent a security problem to some extent.”
The second aspect Kim discussed was defense. Essentially, she explained that when malware or a hacker gets into a healthcare system, the organization needs to proactively detect it. Having proper technical security guards, as well as well-educated and trained employees, is an important part of this approach.
By containing a breach once it is detected, healthcare organizations can hopefully ensure that further damage isn’t done, Kim said.
A positive outlook
Overall though, Kim explained that in terms of privacy and security, the healthcare industry’s future looked bright. Having just attended a public workshop by the Food and Drug Administration (FDA) called “Collaborative Approaches for Medical Device and Healthcare Cybersecurity,” Kim said that many industry leaders were optimistic.
“What’s really great is you have a lot of experts that were on the panel that really are super positive about what is actually going on in terms of education and awareness,” Kim said. “Everyone thinks what’s going on is a real positive trend.”
According to Kim, those in the industry who work for healthcare providers or work on behalf of them all realize that patients’ lives are at stake. Everyone understands that there is a “real responsibility to do the patient care and patient coordination.” That’s why it’s crucial to take privacy and security issues seriously in terms of threats to the information and the integrity of information, Kim explained.
“To the extent that there’s a day that goes by without a major breach or security incident, that’s a victory,” Kim said. “You have people that are actively preventing and actively defending to keep that element and component out of the industry.”
Kim likened the improvement to a learning curve, explaining that there is great improvement that is counterbalanced by a few reported problems.
“If this workshop is proof of anything, we are on an upward trajectory toward a positive end,” she said. “There’s no one who can ever be perfect in the cyber world, but we can always get better. There’s a genuine commitment, it seems, by everyone in the healthcare industry that we care about this.”