enterprisesecuritymag

Healthcare Digitization - Easier and More Secure

By Brian Lancaster, Vice President-Information Technology, Nebraska Medical Center

Brian Lancaster, Vice President-Information Technology, Nebraska Medical Center

Like most industries, healthcare is going through a period of rapid digitization.  This period of transformation started with a 2005 RAND study that found that widespread adoption of healthcare technology could improve health and wellness in the United States while yielding significant savings — in other words, directly addressing the cost and quality issues found in healthcare. However, at that time, roughly 23 percent of physicians were using any form of electronic medical records (EMRs), and less than 3 percent were using a fully functional system. It was the findings of RAND that full workflows would need to be adopted in order to get the benefits from the technology.  However, in 2005, there was a misalignment of incentives, the benefits of the technology went to the payers and patients, whereas the purchasers did not see those benefits.  It was that factor that resulted in the low adoption rates. 

Following the RAND study, the U.S. government introduced the Meaningful Use program as part of the 2009 Health Information Technology for Economic and Clinical Health (HITECH) Act, to encourage health care providers to show “meaningful use” of a certified EMR. In doing so, healthcare participants received incentive payments.  To get these payments, many health care providers rapidly implemented the required technology, and today, EMRs are widely adopted. However, this all happened on an aggressive timeline that shortened implementation plans. 

"A successful EMM deployment will unify user, desktop, and mobile access management"

This impacted both workflow optimization, and security controls as those areas did not keep pace with the rapid rollout of EMR functionality. Not only did the security controls not keep pace, but the risk in healthcare is also much higher as the total organizational cost of a cybersecurity breach is typically much higher than in other industries. To make matters worse, the subpar workflows initially rolled out as have been cited as a contributing factor in the current physician burnout epidemic. Thus, creating a perfect storm of a highly lucrative target that is poorly secured and mass frustration with technology from physicians. 

The security risks and physician burnout put the potential value of EMRs at risk; however, there are solutions that can make healthcare technology both easier to use and more secure. The first approach is modernizing legacy infrastructure that is supporting EMRs. This would include moving to a fully virtualized server, network, and storage. In other words, embracing software to manage the associated infrastructure required in healthcare. This provides increased visibility and management, which will allow for better diagnostics in preventing a cyber-attack as well as increase the productivity of IT staff. For example, virtualizing the network allows for micro-segmentation to be operationally feasible. This improves security as micro-segmentation provides east-west protection, transfer of data packets from server to server, as well as detailed network visibility of transmitted data for improved forensics with richer context and better troubleshooting. It also improves the productivity of the IT department as it simplifies the underlying physical network, making it easier to support, as well as is designed for automation, which makes it easier to deploy, maintain and support. 

With modernized infrastructure, there are many benefits that can be introduced to improve the user experience while making the environments more secure. One benefit is using tap and go to allow users to simply tap a badge to access their resources, saving time and clicks that have been shown to reduce physician frustration with EMRs. Additionally, with tap and go, there would be a single sign-on (SSO) implementation and centralized password management system that simplifies HIPAA and HITECH compliance making the environment more secure. 

Another key improvement to the user experience that can also improve the security posture of an organization is enterprise mobile management (EMM). A successful EMM deployment will unify user, desktop, and mobile access management. This provides improved security to patient information as  EMM will address the loss of control and visibility of enterprise data, potential data leakage or disclosure of enterprise data, protecting enterprise data from the physical loss or theft of the device and devices with compromised integrity (e.g., jailbroken or rooted devices).  More importantly, EMM will also simplify the user experience by providing one place for users to go for all their enterprise apps and having simple self-service to onboard new users and devices. This increases the productivity associated with new apps as well as improves the support process in IT as it eliminates app provisioning and password related help desk requests. 

It is through these approaches, virtualized server, network and storage, tap and go, single sign-on and enterprise mobile management that value of healthcare digitization can be fully realized as the environment will be both easier to use and more secure. 

Read Also

Leveraging Technology and Consumer Education to Reduce Fraud Risk

Leveraging Technology and Consumer Education to Reduce Fraud Risk

Jason Castillo, Head of Enterprise Fraud Management at Citizens Bank
Defining SQL Injection and Risk to your Organization

Defining SQL Injection and Risk to your Organization

Monya Demirjian, Corporate Director of Fraud, MGM Resorts International
You Want to Do What With your Data?

You Want to Do What With your Data?

Andrew Sohn, SVP - Global Digital and Analytics Srvcs, Crawford & Company
Tactical Decisions in Fighting Cyberattacks must be based on a Security Framework

Tactical Decisions in Fighting Cyberattacks must be based on a Security Framework

Mike Benjamin, Senior Director of Threat Intelligence, CenturyLink

Weekly Brief