Page 18

Advance for Health Information Professionals • January 2017

18 ADVANCE FOR HEALTH INFORMATION PROFESSIONALS / ELECTRONIC HEALTH RECORDS Health data theft also takes much longer for providers and patients to identify. The Banner incident is a good case in point: the break-in took place in mid-June but the news wasn’t announced to impacted patients until August. Since Banner’s announcement, 13 more breaches impacting 500 or more records have been reported by the U.S. Department of Health and Human Services Office of Civil Rights.3 These breaches cost the healthcare industry almost $5.6 billion.4 Closing the Doors is Not an Option Faced with these facts, many health IT managers would prefer to block any and all potential weak points. The reality of today’s healthcare environment, however, make this response to security threats virtually impossible. Data sharing between providers, patients and referring sites is now critical to ensuring efficient, coordinated care. In addition, 70% of physicians rely on their mobile devices to manage patient data and want mobile access, both from within a health systems network and outside of it, to patient images and data.5 Supporting this demand while protecting patient data puts health IT departments in a constant state of conflict. They play a crucial role in providing critical patient data to providers in a timely way to support better care, and they also bear an increasingly heavy burden of keeping that data safe and secure in the face of real threats. Health IT managers, however, can both provide and protect patient data if they have tools that support modern security requirements. Modern mobile health IT tools need built-in support for security technologies. Any technology that is used for information sharing and exchange should be designed and developed with integrated security. An enterprise image viewer provides a good example of how security needs to be part of every action providers take when working with patient data. Accessing Patient Images The first step to viewing a patient image either from a mobile device or a remote location is gaining access to where the patient image is located. The systems that house patient image data, whether a PACS or a VNA, have their own security, and enterprise networks also have security systems to support secure external access.6 This security is typically based on standards that allow IT departments to integrate the usernames and passwords from multiple accounts into a single, secure sign-on. Support for these standards is critical to both managing user authentication and to allowing users to keep their password safe and secure. It also enables IT managers to implement best practices, such as periodic password changes. A secure enterprise image viewer should include built-in support for these standards, including Lightweight Directory Access Protocol (LDAP) and Authentication Directory (AD). With this support, the image viewer’s own security will work with existing user authentication systems, ensuring that anyone accessing patient data is who they say they are. No Data Transfer Security doesn’t stop at access. The action of viewing data also requires secure technology design. One way to protect a patient image when viewed on a mobile device or an external computer is to keep any patient data from being transferred and saved on the mobile or remote device. To enable this, technology designs must first allow image data to be viewed during a connection in whatever way and however long a provider needs to view it. DICOM images, videos, 3-D images and more must be fully accessible at a quality level that allows the provider to diagnose based on what he or she is seeing. To keep patient image data secure, however, once the provider closes an image or video, and/or logs out of the image server, all of the data needs to be com- Security doesn’t stop at access. The action of viewing data also requires secure technology design. JANUARY 2017


Advance for Health Information Professionals • January 2017
To see the actual publication please follow the link above