ISACA Now Blog


3 IT Tips for Modern Healthcare Organizations

Larry Alton, Writer
Posted at 3:10 PM by ISACA News | Category: Risk Management

The healthcare industry has been revolutionized as the result of new technologies, advanced data collection methods, and the growth of cloud solutions. It’s equal parts exciting and intimidating. The only question is, are you staying up to date?

It’s time to take IT responsibilities seriously
In an age where data integrity is becoming increasingly important, healthcare organizations continue to be targeted and exposed. The Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, released last year by Ponemon, shows how serious the situation is.

“For the sixth year in a row, data breaches in healthcare are consistently high in terms of volume, frequency, impact, and cost,” explains Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Nearly 90 percent of healthcare organizations represented in this study had a data breach in the past two years, and nearly half, or 45 percent, had more than five data breaches in the same time period.”

It’s not just outside attacks and data breaches, though. If you look at this industry, it’s clear that regulatory compliance – in the face of shifting digital requirements – is also a major challenge.

It’s time for healthcare organizations to slow down and focus on what they’re doing to protect themselves, their data and their clients. Here are a few IT-related suggestions to get the ball rolling in a positive direction:

1. Invest in training. You can implement sophisticated data platforms and develop intensive processes that protect patient data and promise to reduce risk, but it all comes down to the people. Your employees – i.e., the end users – will always be the weakest link in the chain. If you aren’t investing in training and providing them with the resources they need to be successful, then you’re compromising your entire approach.

2. Try predictive analytics. Regulatory compliance is obviously a chief concern in today’s environment, but you don’t have to feel like you’re constantly playing catch-up. With the right system in place, you can take a proactive stance and add value to your organization.

Many leading healthcare organizations are turning to predictive analytics. For example, a platform like IgniteQ uses proprietary algorithms and organization-specific CMS data to provide real-time analysis of how your company lines up with industry benchmarks and what you can do to improve quality of care, MIPS scores, and overall performance. This forward-facing approach is far more effective and powerful than the typical review-based strategy.

3. Get serious about limiting access. Nothing is worse than having your patients’ data stolen. Professional hackers can use this information to hack into bank accounts, steal identities and cause havoc for everyone involved. And while you may not be directly blamed for data theft, you’re almost always indirectly responsible.

The smartest thing you can do is limit access to protected patient data. The fewer people who have access to the data, the less risk there is that confidential information will get into the wrong hands. Nobody should be able to access patient information unless they have a specific need for it. Loose policies in this area will come back to bite you.

Putting it all together
It’s easy to feel as if your organization is immune to the larger problems of the industry. Data breaches and compliance issues are things that other, less responsible organizations deal with. But this simply isn’t true. No modern healthcare organization is safe.

It’s imperative to understand that breaches and mistakes can come from both inside and outside the company. In an effort to strengthen your organization and safeguard data, you have to account for both forces. Better training, a focus on predictive analytics and initiatives to limit access to confidential information will give you a good place to start.

