A Health Crisis

  • By Karina Sanchez
  • Oct 02, 2007

Those in the security industry know that protection doesn't just stop with police officers and first responders. Security, privacy and confidentiality are important issues in several applications. And healthcare facilities are no exception. Since 1996, when HIPAA, the Health Insurance Portability and Accountability Act, was established, healthcare facilities have been faced with even greater challenges of protecting patients' information. In essence, HIPAA is designed to address portability, confidentiality and information technology in a healthcare setting.

"What HIPAA did was create awareness that you need to start paying attention not to just security, but confidentiality, as well," said Robert Seliger, chairman and CEO of Sentillion, provider of products designed to protect the privacy of patient records and meet healthcare regulatory requirements.

When HIPAA was enacted, healthcare organizations were already using computers for back-office functions, and the new act demanded a change in organizational processes.

"Computers were everywhere, and hospitals were confronted with the need to protect those systems. Add world happenings, and spammers and hackers, and you create a recipe for awareness," Seliger said.

That's exactly what prompted healthcare associations across the country to take a hard look at how they were managing their business and how security, confidentiality and portability could be improved.

A Healthy Case
Lincoln, Neb.-based BryanLGH is a not-for-profit, locally owned healthcare organization with two acute-care facilities and several outpatient clinics, including cardiology, orthopedics, trauma, neuroscience, mental health, women's health and oncology. A statewide network allows BryanLGH to provide sophisticated mobile diagnostic treatment and services to citizens throughout the region. The organization restructured its data processes to comply with the new act.

"When HIPAA was initiated, the bar was raised in terms of the requirement of hospitals to protect the privacy and confidentiality of patient information," said BryanLGH CIO Rich Marreel. "HIPAA had a lot to do with making privacy and security a higher priority than it was before."

That, along with the JACO, the Joint Commission on hospital accreditation, which offers standards on security and confidentiality for hospitals, highlighted the need for hospitals to take charge of their data.

The first steps BryanLGH took were to review all policies and procedures it had in place. Instead of housing paper charts, it moved all of that information into electronic medical records for all patients dating back to 2000. For patients seen before that, records were transported to microfilm. With this change, the possibility of transporting hard-copy records outside of the organization is less likely.

"It helps us contain the patient information, who views it and how it's distributed. The downside is that it is electronically available, so it's susceptible to being hacked into," Marreel said. "If someone's careless with their authentication, then that information could become available to someone without the proper need to know. You always have that downside."

In general, Marreel notes, keeping the records electronically has helped the organization gain more control over patients' information, how it's distributed and accessed.

Worries About Authentication
BryanLGH has employed a single sign on product from Sentillion that helps it keep track of who's accessing what and why. The organization has done away with paper files completely, which makes its electronic files that much more important. Marreel admits to even having a security officer whose sole responsibility is to investigate any possibilities of leakage of patient information, look for holes in security and to make sure those are kept plugged up.

And one part of the security officer's job is to make sure users aren't exposing their usernames and passwords.

"But that's improved dramatically within the past few years. It used to be common practice to see people with various usernames and passwords taped somewhere," Marreel said.

Single sign on solutions are designed to allow the user to sign on once to all the applications they have rights to, eliminating the need to re-authenticate for each separate application. In addition, because of the technology's efficiency and ease of use, it has become favored among those in the healthcare industry.

"Physicians like it because they go from unit to unit, floor to floor, so they need access to their applications at each of those places," Marreel said. "Anything we can do for they physicians to make that process easier, while at the same time maintain appropriate privacy and security, we try to do it."

But industry experts have found a new breed of threats targeting the privacy and security of patients that steps away from the confines of a healthcare organization and targets patients themselves.

For Sale: Healthcare Identities
Patients are worried about keeping their medical records private, including any type of identifiable information that may go along with it<\m>Social Security number, blood type, birth date and more. But some in the industry are seeing that people aren't just targeting identities, but healthcare records, as well.

"People are stealing healthcare identities in order to receive free healthcare," Seliger said.

And due to rising healthcare costs and higher insurance rates, this crime is becoming more and more of a problem.

"I've heard of it, and fortunately we haven't had that kind of experience, but it's something that can happen at a lot of different points along the way," Marreel said.

Healthcare identities can be stolen at hospitals, in wallets, from family members, from insurance insiders and more. And it's important to keep that information as safe from tampering as possible because, as Seliger notes, it's something that will be more prevalent in the near future.

"You can see the perfect storm brewing to where this is going to become a larger problem," Selinger said.

There are regulations and standards out there to protect patients' information, healthcare organizations strive to comply with such standards, and private companies create technologies to help people protect themselves in the process. It's a trust in a healthy dose of security that can help the threats go down.

Featured

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

  • AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders

    Arctic Wolf recently published findings from its State of Cybersecurity: 2025 Trends Report, offering insights from a global survey of more than 1,200 senior IT and cybersecurity decision-makers across 15 countries. Conducted by Sapio Research, the report captures the realities, risks, and readiness strategies shaping the modern security landscape. Read Now

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

Most   Popular

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.