Comments
Healthcare Data Security: Focus On 'Business Associates'
pfretty,
User Rank: Moderator
3/18/2014 | 1:54:18 PM
Cost of Healthcare breaches
Understandable that healthcare firms would like to keep data access closer to the vest. According to Ponemon's 2013 Cost of Cyber Crime report (http://www.hpenterprisesecurity.com/ponemon-study-2013), cyber crime on average costs organizations within this sector $6.83 million per year. It takes a solid mix of security intelligence, education and technology to battle the risks.

Peter Fretty, IDG blogger working on behalf of HP
Alison_Diana,
User Rank: Author
3/19/2014 | 9:28:52 AM
Re: Cost of Healthcare breaches
Security breaches cost healthcare organizations not only in fines and penalties, but in lost trust and reputation damage. We've seen the impact on Target and many security and healthcare pros agree that a similar situation is likely to occur within healthcare. Given the many links in the chain of healthcare relationships, it's understandable that providers are nervous about merely taking partners' assurances for granted. Yet does this industry need another layer of certification? I don't think so: If partners can prove they truly are HIPAA-compliant, then that should assure healthcare providers about the safety of sharing data with these business associates.

In reality, I believe cloud -- from a HIPAA-compliant, proven and reputable provider -- is more likely to be secure than ensuring data to a bunch of providers' on-site datacenters. After all, cloud providers focus exclusively on providing these services to customers. If they don't meet (or surpass) physical and cyber security best practices they will be out of business. How many companies can afford armed guards, the highest level of security systems, and the latest cybersecurity systems? Not many -- yet these are typical at cloud service providers.
mattt1986,
User Rank: Apprentice
3/19/2014 | 2:10:15 PM
Interesting but...
Interesting story, but the first thing that caught me was Alison Diana's avatar...her face says..."This photo was taken without much warning and I am not too happy about being in it". :)
mattt1986,
User Rank: Apprentice
3/19/2014 | 2:20:34 PM
Re: Interesting but...
OK, now a real comment. Speaking as someone in (but not necessarily representing) the healthcare data hosting industry, I can tell you that the regulatory burdens placed on BA's by HIPAA are WAY out of line with the actual threats that face our industry.

Instead of figuring out creative ways to protect and insure availability of patient data, BA's spend their time complying with onerous, mealy-mouthed and outdated regulations that have no bearing on the actual protection of patient data. Just a honey pot for auditors and lawyers.

Also, let's be honest. What are the REAL consequences if your ePHI is compromised? If your debit card is stolen, the thieves drain your checking account, or god forbid your savings account, and you are ruined. If the results of your last colonoscopy are stolen, I highly doubt that could be used against you in any measurable way.

My point is, we spend a lot of time and money protecting data that has very little real value to anyone but the owner.
matsmd,
User Rank: Apprentice
3/19/2014 | 9:28:38 PM
Re: Interesting but...
I don't think anyone would be very interested in your colonoscopy result. But let's say that you have recently been treated for Gonorrhea and the names of the 10 women you infected the last year also are in your file (as they would be since it's a reportable venereal disease).

Is this something you would feel comfortable sharing with your church group, your boss or your co-workers?
Alison_Diana,
User Rank: Author
3/20/2014 | 3:45:21 PM
Re: Interesting but...
Not sure whether it's reality or perception, but some people worry that if their individual health information gets out there it could hurt them financially. You mentioned STDs in your third comment: That might affect their employment or advancement opportunities at work. And while they may have successfully hidden the affliction from a partner, once it becomes public that might be more difficult to do, leading to a breakup/expensive divorce/public embarrassment.
Alison_Diana,
User Rank: Author
3/20/2014 | 3:46:59 PM
Re: Interesting but...
You can go to a bank and reset your credit card or debit card information. Although it's expensive and time-consuming, you can get your financial history reset. But your health information stays with you for life. Once it's out there and public, there's nothing anyone can do to get it back in the bottle, so to speak. I think that's the main reason people and government want to ensure it's always secure. 
Alison_Diana,
User Rank: Author
3/20/2014 | 3:41:30 PM
Re: Interesting but...
Unlike my teenage daughter, I'm not that fond of having my photo taken, no! - Alison
matsmd,
User Rank: Apprentice
3/19/2014 | 9:07:06 PM
How do you know
In the article above it says: "Under the exchange, business associates assess their own compliance and share the results". How would you know that a shady IT company doesn't lie about their compliance and everything else?
Alison_Diana,
User Rank: Author
3/20/2014 | 3:49:41 PM
Re: How do you know
That's a definite weakness because you're relying on self-reporting. This system says the next step (which is paid for) allows partners to upload evidence -- like meeting minutes, reports, etc. -- to prove they have done what they said. The BA grants access to its partners to view the evidence (these reports don't just sit there for anyone to review). 