CIO’s and IT professionals in healthcare organizations are tasked with achieving a balance between the demand for universal access to information and the need to ensure security. As Sheranga Jayasinghe, Director, Information Technology at Canada’s Sunrise Health Region says, “By its very nature, healthcare creates a number of unique challenges, from a highly mobile workforce to government-mandated patient confidentiality requirements.” The move toward electronic health records (EHRs) and pressure from regulations like HIPAA, which restricts the number of eyes permitted to see an individual’s confidential information, will only continue to grow.
Despite these drivers, a recent report published by the Ponemon Institute and the Health Information Trust Alliance shows that the healthcare industry continues to struggle with curbing data breaches. According to the report, about 94 percent of the 80 participating healthcare organizations experienced at least one data breach of which they were aware in the past two years. Such breaches cost healthcare entities about $7 billion annually in the US alone.
By Arron Fu, VP of Software Development at UniPrint. Arron looks at healthcare work environments and explores the role that technology can play in safeguarding and streamlining data.
CIO’s and IT professionals in healthcare organizations are tasked with achieving a balance between the demand for universal access to information and the need to ensure security. As Sheranga Jayasinghe, Director, Information Technology at Canada’s Sunrise Health Region says, “By its very nature, healthcare creates a number of unique challenges, from a highly mobile workforce to government-mandated patient confidentiality requirements.” The move toward electronic health records (EHRs) and pressure from regulations like HIPAA, which restricts the number of eyes permitted to see an individual’s confidential information, will only continue to grow.
Despite these drivers, a recent report published by the Ponemon Institute and the Health Information Trust Alliance shows that the healthcare industry continues to struggle with curbing data breaches. According to the report, about 94 percent of the 80 participating healthcare organizations experienced at least one data breach of which they were aware in the past two years. Such breaches cost healthcare entities about $7 billion annually in the US alone.
The point of weakness for data security within a healthcare setting could come from a number of sources. While there is no shortage of companies who state that they go to great lengths to protect sensitive digital data, it’s rare to find a company that extends security measures to documents once they have been sent to a printer. Within an enterprise network, access to certain digital documents is restricted and limited only to those who are assigned the right to access those documents. But even a simple mistake like collecting the wrong document from a shared printer can also lead to a serious security breach. Why then does the security conversation stop when it comes to printed documents?
Profile of a Healthcare Professional
In order to understand the immense challenge facing healthcare organizations in figuring out how to increase data security while continuing to streamline access to health records, it’s useful to begin by looking at the work environment of medical professionals today and where potential data breaches can happen.
Healthcare mobility. Healthcare professionals have always been extraordinarily mobile workers, even before mobility became an enterprise buzzword. Healthcare personnel rarely stay in one location, as they are often moving from one ward or patient’s room to another or delivering lab results to different departments. This mobility also extends to the way documents are exchanged between the healthcare staff. For example, doctors will often send prescriptions to nurses for printing which are then given to the patient. This creates a unique workstyle requirement where medical professionals need secure, location-based access to information at any given time.
Reconciling data and applications. Just as businesses are trying to make sense of big data and how to better manage the large amounts of information within an enterprise to increase profitability, the healthcare industry today generates data that must be tracked and analyzed to improve healthcare delivery. These large amounts of healthcare data are tracked in different applications, which are sometimes disjointed, making it difficult to provide a holistic picture of a patient’s health. The challenge of reconciling data along with the high volume of printing and multi-parts printing associated with healthcare records can present a logistical IT headache for medical offices, as well as potential privacy breaches. A simple mistake made when compiling medical records can mean patient information landing in the wrong hands.
Security implications of BYOD. Employees are buying smartphones and tablets in record numbers and in some cases are insisting that they use their personal devices to connect to corporate systems, with or without the IT department’s approval. While the adoption of tablets in hospitals is still limited today, healthcare organizations will need to decide whether those mobile devices can be used to access patient health information or used as part of a medical office’s internal systems. Along these lines, steps must be taken to ensure that data security and patient privacy extend to mobile devices and the internal applications that employees can access.
Going Beyond the Quick Fix
The mobile workstyles of medical professionals, privacy regulations and IT trends of today mean that the healthcare industry must enable end-to-end document security while streamlining access to data. Traditionally, when employees have raised concerns over document security, organizations have implemented quick fixes (i.e. by assigning personal printers) and ad hoc solutions, which rarely offer a long-term resolution to the problem.
For a solution that addresses the heart of the problem, healthcare organizations can look at a secure follow-me IT model, which can enable anytime, anywhere, any device data access and printing capabilities for medical workers. Security features can be added to ensure the appropriate person is able to pull or release data – whether that’s within a shared database or through a shared printer. Simply, the document will not be released until the user requesting the information is present at the printer or computer device.
Additional layers of security can be added through technologies such as PIN, smartcard and Radio Frequency Identification (RFID), which enable single or multiple factor authentication to create a highly secure data access landscape. Any card, be it a credit, debit card or access card can be converted into a smart card which, when swiped on location, will release pending documents only to the authenticated user. While some healthcare offices have implemented an IT environment that enables staff to access their own desktop from any computer terminal using smart cards, this same secure, virtual access is often missing from printers.
For the heavily-regulated healthcare industry, having a tracking and archiving technology in place can help monitor employee IT behavior. Once a data breach occurs, organizations often conduct an investigation on the potential source of the leak. Records of what documents were printed by specific users can help any organizations minimize the amount of resources spent on tracking down the point of data breach, with the added benefit of providing visibility to management on how resources are being utilized.
End-to-end document security should be a prominent part of any healthcare security strategy. This means looking at the security of digital data as well as printed data. Security policy can no longer stop at a company’s doors, it must travel within the company and make its way to every nook and cranny of the business to be truly protected, and this includes printing. It’s useless to spend time, money and resources protecting electronic documents when neglected printed documents can easily sidestep a healthcare company’s regulatory and security measures. The good news is that simple, reliable, flexible and cost-efficient technology is on hand to safeguard these environments, ensuring that sensitive information is as secure on paper, as it is in soft form.
