“None of us wants to think that we’re the ‘weakest link’ in the healthcare information supply chain,” said Frank Grant, Senior Director, U.S. Healthcare at Cisco, which helped to fund a new survey on information security in the medical field.
There are several ways of storing and transferring personal health care information and companies across the world are adapting many new techniques as well. This may be unintentional in many cases but the sensitive information is at greater risk of being compromised. There exists an urgent need of a standard framework for minimizing this risk in order to help the health care executives. Sets of clearly defined guidelines would certainly facilitate “more accurate assessment and third party accreditation”, says Frank Grant.
‘HITRUST’, a private business that is trying to standardize a system of information sharing as well as security across the medical industry, commissioned a survey of health care industry professionals who were responsible for the security of the information stored and transfers by their respective employers. The survey was conducted by ‘KRC Research’.
The survey put into numbers, information that was pretty widely accepted throughout the industry. 144 of the 150 executives interviewed shared the opinion that standardizing the security of information industry wide is important. 85% of those surveyed think that a cooperative effort across the industry is needed to develop an all inclusive framework that encourages uniformity. The first step in that process would be establishing standards which are not currently provided by HIPAA (Health Insurance Portability and Accountability Act).
As with anything, a major driving force behind the push towards improved security is the potential loss of revenue that could be generated by a loss of patients’ trust. By adopting a standard method of securing sensitive personal medical information; both in storage and when being transferred, industry executives believe they can reduce the risk posed by advancing technology and the ever changing threats that go along with those advances.
While most of the industry feels that cooperation throughout the industry will be the best way to accomplish a standardized infrastructure for security, only 23% feel that would be possible right now. The rest of the executives surveyed felt that level of cooperation didn’t exist yet.
While most executives feel that there security is at least good, they have real concerns about their business partners as well as competitors. While this contributes to the lack of cooperation, due to most companies feeling their involvement would be unnecessary, because their security is fine. This feeling that their business partners are not doing enough may also be what leads to industry wide improvement in security even without a standardized infrastructure. Many companies are now requiring business parties to go through third party audits of their security before they will conduct business with them. As company after company is scrutinized by outsiders the overall security of the industry improves one by one.
The final portion of the annual survey discussed the government’s potential role in industry wide security. The idea was met with disapproval by most executives. Sighting lack of contact with the market it would be securing, late implementation of new technology, as well as their poor record of secure data storage.