Navigating Compliance vs. Productivity in Healthcare IT Security

In recent years—and especially surrounding the launch of the Affordable Care Act (ACA) and—the healthcare industry has focused more and more on compliance (some would even argue that compliance has taken precedent over patient care). Yet many healthcare professionals are still unaware of what is and is not within the boundaries of regulatory requirements.

What does the Health Insurance Portability and Accountability Act (HIPAA) actually say? Does your organization apply to its requirements? While these may be somewhat easy questions for IT professionals, surprisingly, many frontline workers can’t answer them. General awareness around information security isn’t much better, either.

The more important question to ponder: Has your IT staff created an environment that caters to information security, compliance, and patient care?

Security and compliance vs. productivity and care

Despite a glaring lack of general awareness, the core issues that hamper security and compliance initiatives run much deeper than a lack of education.

The real problem lies with healthcare IT departments, which often make it incredibly difficult—if not impossible—for providers to deliver fast and efficient care in a secure, compliant manner. Often, IT policies and technology become a roadblock, forcing doctors and nurses to make a pretty tough decision to bypass IT policies to deliver care faster and more efficiently, or work within the boundaries of security and compliance, but risk delaying patient care. For most care providers, the choice is an easy one: Providing quick, high-quality care wins every single time.

Of course, it’s hard to argue that prioritizing patient care is wrong, but in doing so, many healthcare professionals are turning to insecure, third-party tools to get the job done. While this can speed up day-to-day work, it puts confidential patient information at risk, and represents a major breach in compliance.


Cost of breaches, compliance rise

According to the Ponemon Institute’s “2013 Cost of a Data Breach Study,” 94 percent of surveyed healthcare organizations had experienced a data breach within the past two years. In the first quarter of 2013 alone, more than 875,000 records were exposed via breaches. The study also shows that the cost of data breaches is on the rise—up to a potential $1.5 million per record lost after the HIPAA Omnibus rule went into effect September 2013.

Bridging the gap between IT and health professionals is an absolute necessity to keep security breaches to a minimum. Here are five ways IT can better collaborate with care providers to eliminate data breaches and prioritize patient security.

1. Walk in your colleagues’ shoes Expectations around information sharing have transformed dramatically in the past couple of years. Are your IT policies and file-sharing technologies evolving with them?

2. Eliminate destructive habits A portion of that responsibility is limiting the insecure and non-compliant tools available to medical professionals. When employees are in a time crunch, it is tempting to fall back on technology that is more familiar and user friendly than what is available internally.

3. Provide secure, encrypted, productivity-enabling tools If your department takes action to prohibit the use of certain ways of doing business, be sure you’re providing a reasonable alternative solution that meets your end users’ day-to-day business needs. It is IT’s responsibility to equip its staff with secure and easy-to-use tools that protect data in motion. These tools need to meet all regulatory requirements, including the most recent changes to HIPAA and ACA.

4. Educate employees around security risks IT knows the boundaries of security and compliance. It is critical to educate the workforce around the organization’s policies as well as overarching regulatory requirements set at a federal level.

5. Drive adoption Health providers can tell you what they need most when working with patients onsite or remotely, but they do not (usually) understand IT. Collaborate with them on which tools are most appropriate for their day-to-day circumstances, and develop safeguard policies to protect patient data.


Read the full article at