Securing healthcare data

Securing healthcare data

Summary: A story in Sunday's NY Times discusses electronic health records and the potential costs. Most of the article focuses on the potential disruption better and more accessible patient information would have in the pharmaceutical industry.

SHARE:
TOPICS: Health
3

A story in Sunday's NY Times discusses electronic health records and the potential costs. Most of the article focuses on the potential disruption better and more accessible patient information would have in the pharmaceutical industry.

Something the article doesn't cover is the disconnect between small business IT as represented by the computer systems in most doctor's offices and the need for world class privacy and interoperability.

Most doctors will turn to companies like General Electric, IBM, Microsoft, and other specialized companies in the healthcare IT space to provide the systems they need. This will largely take the problems of interoperability out of their hands. But outsourced health care systems can't make the computer at the reception desk running Windows 98 more secure.

For that to happen, most physicians will have to outsource the management of their PCs as well. (Disclaimer: I'm on the board of a company providing managed services to physicians, Direct Pointe.) Managing desktops, networks, and servers isn't sexy, but it's the foundation for using IT for any strategic purpose (like better or cheaper health care).

The problem isn't that solutions to managing PCs don't exist. They do, of course. The problem is that small business owners don't think about IT, don't want to think about IT, and aren't big enough to hire a CIO to worry about it for them. So, while managed services exist, most don't even know they need them.

HIPAA and electronic health records are going to force physicians into managed IT infrastructure. I suspect most other small businesses will continue to limp along. In the meantime, recognize that the privacy of your health data is no stronger than the information security of the PCs in your doctor's office. Scary thought.

Topic: Health

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • security risk

    The very idea of a "paperless society" is very appealing... until we start to think about possible consequences, especially with <a href="http://essentialsecurity.com/Documents/article3.htm">digital medical records</a>!
    The fact is, most of us will never really know what kind of security precautions are being taken by our doctors' office... so we'll just have to take the risk.
    On the other hand, it will be the medical office's responsibility to make sure sensitive data is secured, which will mean that smaller offices will have to invest time into researching affordable user-friendly security options.
    milal@...
  • Well, maybe

    [i]HIPAA and electronic health records are going to force physicians into managed IT infrastructure.[/i]

    In the alternative, the small healthcare provider will look at the cost of complying and stick with paper.
    anonymous
  • don't need pricey network solution for everything

    The key for small offices is to start small, and evolve their digital process over time. Start with implementing an encryption or anti-theft email solution, like <a href="http://www.essentialsecurity.com/products.htm" target="_blank">Taceo</a>, that installs on your desktop. Doctor offices can use it to not only send protected email to their patients, and vice versa, but also to their associated diagnostics centers, labs, or pharmacies. The software is affordable and the Viewer is free, so patients don't need to purchase anything to read protected emails. You're then set up for ePHI transmission compliance.

    http://www.essentialsecurity.com/products.htm
    schwana