As healthcare organizations transition from paper to electronic health records, an enormous opportunity exists to improve healthcare delivery through greater data transparency. For instance, cross-referencing prescriptions can identify potential drug interactions and improve patient outcomes. Such advances, however, bring an enormous increase in the possibilities for breaches of privacy and security, particularly with unsecured end-user devices such as smartphones. Health IT leaders must balance the needs of their stakeholders for relevant and timely information with mandated compliance requirements and the total cost of operating and sustaining their systems securely.
How do you make smart, cost-effective, and prioritized decisions that protect the security and privacy of your patients? Before you can make a prognosis, you need to assess the situation by running diagnostic tests. In the case of privacy and security, you need to determine your critical cyber security vulnerabilities and mitigate those attack vectors. Consider the entire enterprise as having a potential attack surface. Risk management is about quantifying that risk and minimizing the potential for harm.
In many respects, this is no different than a general practitioner providing medical advice. Many behaviors (such as smoking, overeating and lack of exercise) provide avenues through which other health issues can arise. Reducing risky behavior reduces health risks; a similar situation also exists for electronic health records.
Cyber security protects the generation, usage and storage of all electronic records, whether at rest or in transit. Applying cyber security best practices will ensure compliance with an increasingly regulated environment focused on privacy and security. As a result, the objective of enhanced healthcare through the common usage of electronic health records can in fact be achieved.