Guest Column | October 17, 2017

IT Safety First: Top Challenges Interoperability Poses To Data Security

Establishing A Security Policy

By Jim Keener, Chief Technology Officer at Ingenious Med

As hospitals continue down the road to transitioning from fee-for-service to value-based care, it will become increasingly important for different health IT systems to communicate, exchange data and apply the information that has been exchanged. This is also known as interoperability, and it enables care teams to more effectively coordinate patient treatment. The benefits of interoperability are clear: data that has typically been kept separate by system, location or department can now be accessed and shared between physicians, specialists and administrators to ensure every party involved has a complete understanding of a patient’s status and needs. However, with so much sensitive information travelling between systems and devices, interoperability can present a potential security risk.

There are a few high-level challenges that interoperability poses to hospital IT departments, but they can all be addressed with the proper infrastructure and training.

Streamlining Login Portals

Physicians juggle several different systems over the course of a typical day, which can include accessing EHRs, revenue cycle platforms and more. Even if these separate systems are interoperable, it’s likely they each have their own user portal requiring physicians to input login credentials (i.e. a username and password) to view and upload data. Basic best practices for ensuring data security include creating passwords that are difficult to guess and changing them regularly. However, this can be a hassle to manage when a physician has multiple login credentials to remember. Physicians can’t afford to waste time typing in usernames and passwords every time they need to switch from their EHR to their charge capture solution, so the challenge is finding a setup that gives physicians a streamlined way to log on to their systems without resorting to simple passwords that are easy to guess. In this case, a possible solution is to build in a credential exchange that allows sign-in through one system to be authenticated across all the others, which in turn enables physicians to switch between their EHR and charge capture systems without having to log out.

Facilitating Data Exchange

Another issue that comes with interoperability is the process of exchanging data between systems. To ensure data security, it’s essential that sensitive information is only sent where it needs to go. This can become an issue when the systems that a physician uses all require different information and data from a diagnosis. A central system can’t take a one-size-fits-all approach that sends all elements of a patient’s information to the various connected applications. The best agnostic systems should have the ability to piece out the relevant information from a patient file and send it to the appropriate system, minimizing the moments when sensitive data is in transit between systems.
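
One way to piece out only the relevant fields for each connected system is a per-destination allow-list that fails closed. This is an added example, not code from the author or from any product named in the column; the destination names, field paths and sample record are assumptions constructed for illustration.

```python
from copy import deepcopy

# Assumed allow-lists: each connected system receives only these field paths.
ALLOWED_FIELDS = {
    "charge_capture": {"patient.id", "encounter.date",
                       "encounter.cpt_codes", "encounter.icd10_codes"},
    "scheduling": {"patient.id", "patient.name", "encounter.date"},
}

def flatten(record, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested dict."""
    for key, value in record.items():
        path = f"{prefix}{key}"
        if isinstance(value, dict):
            yield from flatten(value, path + ".")
        else:
            yield path, value

def build_payload(record, destination):
    """Return (payload, withheld_paths) for one destination.

    A destination with no allow-list gets nothing: the call raises
    instead of falling back to sending the whole record.
    """
    if destination not in ALLOWED_FIELDS:
        raise PermissionError(f"no allow-list for destination {destination!r}")
    allowed = ALLOWED_FIELDS[destination]
    payload, withheld = {}, []
    for path, value in flatten(record):
        if path not in allowed:
            withheld.append(path)      # keep for the audit trail, never send
            continue
        *parents, leaf = path.split(".")
        node = payload
        for part in parents:           # rebuild only the allowed branches
            node = node.setdefault(part, {})
        node[leaf] = deepcopy(value)
    return payload, sorted(withheld)

# Constructed sample record; all values are fake.
SAMPLE_RECORD = {
    "patient": {"id": "P-0001", "name": "Test Patient", "ssn": "000-00-0000"},
    "encounter": {"date": "2017-10-17", "cpt_codes": ["99213"],
                  "icd10_codes": ["I10"], "notes": "constructed clinical note"},
}

if __name__ == "__main__":
    sent, held_back = build_payload(SAMPLE_RECORD, "charge_capture")
    print("sent:", sent)
    print("withheld:", held_back)
```

Logging the withheld paths alongside each transfer gives a reviewer a record of what each system did not receive, without logging the values themselves.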

Ensuring HIPAA Compliance

External hacking attempts aren’t the only IT security threats facing hospitals. They also have to avoid using systems and practices that could potentially violate HIPAA rules and result in hefty non-compliance fines. Ensuring compliance starts with controlling which staff members can see what kind of information when they log onto a system. For example, a hospital’s pediatrics division shouldn’t have access to cardiology data and reports. Any instance when a user is able to access information that they shouldn’t be able to is a potential HIPAA violation. The solution to this challenge is setting up user profiles with specific permissions that restrict their access only to the data they need to see. Establishing user permissions is a tedious but essential process that not only secures data, but also ensures compliance with HIPAA regulations.
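
The pediatrics and cardiology case above can be expressed as deny-by-default user profiles plus an audit pass over an access log that flags reads outside a user's permitted departments. This is an added example, not code from the author; the user names, profile layout and log format are assumptions, and the log lines are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UserProfile:
    user: str
    departments: frozenset  # departments whose records this user may read

# Constructed profiles (assumed layout).
PROFILES = {
    "dr_lee": UserProfile("dr_lee", frozenset({"pediatrics"})),
    "dr_shah": UserProfile("dr_shah", frozenset({"cardiology"})),
    "dr_ortiz": UserProfile("dr_ortiz", frozenset({"pediatrics", "cardiology"})),
}

def may_read(user, record_department):
    """Deny by default: unknown users and unlisted departments get no access."""
    profile = PROFILES.get(user)
    return profile is not None and record_department in profile.departments

# Constructed log, assumed format: timestamp user action department record-id
ACCESS_LOG = """\
2017-10-17T08:01:12Z dr_lee READ pediatrics rec-1001
2017-10-17T08:03:40Z dr_lee READ cardiology rec-2002
2017-10-17T08:05:02Z dr_ortiz READ cardiology rec-2003
2017-10-17T08:07:55Z temp_acct READ cardiology rec-2002
2017-10-17T08:09:00Z dr_shah READ
"""

def audit(log_text):
    """Return (line_number, reason, detail) for every entry needing review."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 5:
            # An entry that cannot be parsed is reported, not silently skipped.
            findings.append((lineno, "malformed", line))
            continue
        _, user, action, dept, rec = parts
        if not may_read(user, dept):
            reason = "unknown-user" if user not in PROFILES else "out-of-scope"
            findings.append((lineno, reason, f"{user} {action} {dept} {rec}"))
    return findings

if __name__ == "__main__":
    for finding in audit(ACCESS_LOG):
        print(finding)
```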

Interoperability can open new doors for care coordination not only within hospital departments, but also between remote teams and consulting physicians. However, this versatility can also make it difficult to monitor and address potential threats to data security. With the proper safeguards in place and best practices taught to users, hospitals can ensure the information shared between care teams is kept secure.

About The Author

Jim Keener serves as the CTO for Ingenious Med, with more than 32 years of experience as an information technology professional. Keener is responsible for introducing innovative and technologically advanced products for continuous development of the Ingenious Med application. Previously, Keener held the position of Vice President of Development, managing the design, development and support of a large-scale wireless billing platform with VeriSign Inc. Prior to joining VeriSign, Keener spent 17 years at Cincinnati Bell/CBIS/Convergys leading both domestic and international development projects in the telecom space. Keener has a B.S. from the University of Cincinnati and an M.B.A. from Northern Kentucky University.