With contributors attention concentrated on ransomware attacks and the havoc they can cause, other risky security practices are placing healthcare agencies at risk for violations, healthcare security experts claim.
While ransomware tragedies are high profile and acquire national attention in the business and famous press, healthcare data security officers require paying attention to various attacks that have lower profiles but carry merely as much risk to sufferer data, they say.
For instance, Kate Borten, president of the Marblehead Group consultancy, is worried about the massive amounts of information being shared with lax security practices by healthcare agencies. Hospitals sustain to acquire medical practices, along with their information, and share the data through a health information exchange.
“The wide open information sharing is a recipe for disaster,” she contends, because there is a greater potential for misuse of the information. Authorized clients can take benefit of their access to all this data and go snooping, while most provider agencies do not have technology to curb snooping.
Collecting relevant information on patients is typically beneficial, Borten considers. But at the similar time, there is threat of the loss of privacy with individuals possibly never being aware that their information has been inaccurately exposed.
Because so much information—not just from contributors, but also from insurers and employers—is made more easily present, an individual could incur an increase in insurance premiums or get refused disability benefits and never know why. Such examples could impact an individual’s job prospects because insurance premiums could be a major factor in employment decisions and choices.
Health-related information in mobile apps and email systems represent another risk to privacy, in accordance to Borten. “I do not have anything I do not mind persons seeing, but there are business judgments being made on the information,” she contends.
Tom Walsh, president of tw-Security, asserts that information integrity is another undervalued security concern.
For instance, verified information would go a long way toward preventing medical errors, he contends. Although, the problem of integrity is only in 2 places in the HIPAA security rule.
In one of those mentions, the National Institute of Standards and Technology wrote processes for testing data integrity merely when the information is transmitted. Although, there is nothing in the rule about whether the data is precise and reliable.
Walsh points out that Sully Sullenberger, the airline pilot that protectively landed his crippled plane on the Hudson River, introduced a new mission afterward to decrease medical errors. Estimates of errors killing 200,000 sufferers a year, Sullenberger contends, equates to twenty airliners crashing each week, which would not be acceptable in that industry, but is tolerated in healthcare. “We require forcing vendors to make in software controls to stop errors,” Walsh claims.
“Devices have inherent data security vulnerabilities, and agencies aren’t equipped to reconcile and resolve them,” he claims.
The issue persists due to a lack of leadership by the Food and Drug Administration and device manufacturers, he adds. Only recently did FDA release draft guidance for voluntary monitoring of risks and vulnerabilities already in the market. And, it is not clear if a forthcoming rule will need manufacturers and vendors to establish surveillance programs. For now, Holtzman claims, there is no indication of that.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment