Austin, Texas: April 2, 2009 – The American Recovery and Reinvestment Act1 (ARRA), which was signed by President Barack Obama on February 17, 2009, offers financial incentives for healthcare institutions across the United States to invest in technology and convert medical records to electronic formats. The ARRA includes more than $21 billion of funding in technology investments, much of which will be allocated to Healthcare IT departments.
These incentives will revolutionize record keeping in the healthcare industry, making medical records available throughout hospitals on mobile computers, tablet PCs, and shared terminals. With this accessibility and increased efficiency, healthcare providers need to be aware of and address the vulnerabilities of such systems to data breaches and theft. Absolute® Software Corporation, the leading provider of firmware-based, patented, computer theft recovery, data protection and IT asset management solutions, has more than a decade of experience with the security risks and privacy issues that accompany the use of mobile IT assets, as well as the necessity for a multi-layered approach to security.
According to a recent study from Health Industry Insights2, an IDC Industry Insights company, the economic stimulus package will advance technology investment among healthcare organizations over the next four years, with spending levels potentially reaching $70 billion by 2013.
“The ARRA creates significant new requirements for healthcare organizations to proactively manage the security of digital patient information,” said Scott Lundstrom, VP Research for Health Industry Insights. “Electronic medical record implementations will be held to strict standards designed to protect the privacy of individual medical records. Meeting the standards will be a challenge - the dynamic nature of healthcare coupled with the move to mobile computing platforms makes the proper security of patient information especially difficult. Confidential information, including patient records, social security numbers and more can be compromised if healthcare organizations are not taking the proper precautions.”
“Securing patient data should be a priority among healthcare organizations,” says Brad Myrvold, Manager of Desktop Technology at Allina Hospitals & Clinics. “When electronic protected health information records are compromised, hospital systems lose the trust of current, past and prospective patients. That’s why we have taken a multi-layered approach to mobile data security including encryption, remote data delete and computer theft recovery solutions.”
As the new era in digital patient information begins, Absolute Software has mapped out best practices for keeping data secure in healthcare institutions.
Top Five Healthcare Practices for Keeping Data Secure3:
- Know the Consequences of a Data Breach. If the consequences of a data breach are known throughout the organization, employees will understand the importance of preventing them. Preventing data breaches should be a top priority at healthcare organizations. According to a recent study from the Ponemon Institute,4 organizations that experienced a data breach in 2008 paid an average of $6.6 million to rebuild their brand image and retain their customers. The study also found that healthcare companies lost the most business resulting from data breaches compared to any other industry.
- Assess your Organization’s Situation. Every healthcare facility is different, varying not only in size but also in methods and protocols. Healthcare managers should properly assess all areas of the facility where confidential data may be stored, then determine who has access to them and how they are being protected. Before an organization can begin to streamline its IT security, it must have a firm understanding of what it needs to protect.
- Implement a Comprehensive Data Security Plan. Healthcare facilities should institute a comprehensive data security plan to protect computing assets and sensitive information. Even with encryption in place, 56% of employees disable their company-issued encryption solution.4 Security and asset management solutions such as Absolute Software’s Computrace® should be part of a multilayered approach in protecting organizational computers. Absolute Software’s Computrace has the ability to track and recover missing laptops as well as to remotely delete sensitive files. Computrace Mobile by Absolute Software allows IT managers to monitor and protect smart phones in a similar fashion.
- Secure Data on Mobile Computers. Sensitive data must be protected on all computers, especially mobile computers. The more hospitals use mobile computers and PDAs, the higher the risk of theft and of data ending up in the wrong hands. A multi-layered approach to data security and theft is necessary to protect these assets.
- Create a Data Breach Policy. With more sensitive data being stored electronically, it is vital for healthcare organizations to have data breach contingency plans in place. In the event of a data breach, there should be a standard procedure in place to minimize damage and for timely notification of supervisors, law enforcement, patients and the media, as necessary. It is best to be proactive as opposed to reactive when handling something as time sensitive and serious as a data breach.
“President Obama’s plan gives healthcare organizations a much-needed incentive to turn the corner when it comes to digitizing medical records,” said John Livingston, CEO of Absolute Software. “But, with this bold investment in healthcare IT comes great responsibility. If patient information is not protected properly, data breaches can pose serious short and long-term consequences for all involved.”
1 For complete text of The American Recovery and Reinvestment Act (ARRA), please click here
2 Health Industry Insights: “Business Strategy: Capturing Your Share of the American Recovery and Reinvestment Act,” March 2009. To read the entire study, please click here
3 Absolute Software’s expertise is limited to general procedures and technologies that may be of assistance in protecting electronic protected health information and other sensitive data. While the Company believes these best practices, if followed by healthcare organizations, may be effective in assisting the protection of health information, Absolute does not assume any responsibility for the misuse, misinterpretation or inappropriate application of these best practices by organizations.
4 Survey of business managers. Ponemon Institute, LLC: “The Human Factor in Laptop Encryption,” Dec 2008.