Healthcare IT Professionals Making Data Security a Priority

Healthcare Data Security

The health IT spending intentions survey conducted by TechTarget reveals that security is a top priority in the healthcare industry. The healthcare record is a valuable target for hackers and scammers, as it contains personal information, medical history and payment information.

TechTarget's survey shows that security is at the top of the list in terms of investments by healthcare IT professionals for a second consecutive year. Scott Wallask, SearchHealthIT's editorial director, says that the number of high profile breaches in 2015 might increase the industry's security spending even more. Of note, Hollywood Presbyterian Medical Center in California paid $17,000 in bitcoin in response to a ransomware attack.

The Hollywood Presbyterian breach and others like it have forced healthcare IT workers to dig deeper in their search for technology to protect healthcare data. "We're looking at products that are more innovative in terms of how they're trying to figure out what anomalies are going on in their network," said David Higginson of Phoenix Children's Hospital.

TechTarget's survey of 181 professionals from hospitals, providers, and insurance carriers found that other technologies making their way into healthcare are not being forgotten. An infographic from the survey shows that 83 percent of these professionals plan to increase their security investment over the next year, investing specifically in business intelligence and analytics, HIPAA compliance, EHR software and mobile health.

HIPAA compliance is seeing a boost in investment as a result of compliance audits beginning this year at the order of the Department of Health and Human Services' Office for Civil Rights (OCR). These audits take a close look into compliance with HIPAA privacy, security and breach notification rules with the intention of enforcing federal healthcare privacy law.

Rob Rhodes, advisory board member of the Association for Executives in Healthcare Information Security, called 2015 the year of the breach in the wake of a high volume of attacks on healthcare data. He coined 2016 as the year of the ransomware attack, hardly a better moniker.

OCR officials announced the launch of HIPAA compliance audits in March at the HIPAA Summit in Washington, D.C. Once OCR receives a response from a healthcare organization, it then sends surveys to learn about each organization. After analysis of the survey, OCR selects a representative sample of about 200 audit subjects.

"This is the long awaited start of the tortoise moving across the start line," said David Holtzman, VP of compliance at CynergisTek, Inc. in Austin Texas. Finally, the OCR's audits are allowing the federal government to take the issue of data breach in the healthcare industry seriously.

Just two years ago, the general public did not seem to know or care about the data breach issue in healthcare, but the game has changed. Rhodes says that patient trust is going to be an advantage in the future, that good performance in an audit could be used as a marketing tool.

HIPAA audits have arrived, and with them a steady increase in the investment of HIPAA compliance. Healthcare organizations are taking the threat of data breach more seriously, and that is good news for the American public.