breaches

See the following -

Patient-Centered Security Program

Andy Oram | EMR & HIPPA | August 29, 2016

Andy OramThe HIMSS report certainly appears comprehensive to a traditional security professional.They ask about important things–encryption, multi-factor authentication, intrusion detection, audits–and warn the industry of breaches caused by skimping on such things. But before we spend several billion dollars patching the existing system, let’s step back and ask what our priorities are. It’s a long-held tenet of the security field that the most common source of breaches is internal: employees who were malicious themselves, or who mistakenly let intruders in through phishing attacks or other exploits. That’s why (you might notice) I don’t use the term “cybersecurity” in this article, even though it’s part of the title of the HIMSS report.

Read More »

Patient-Centered Security Program (Part 2)

Andy Oram | EMR & HIPPA | August 30, 2016

Andy Oram

The previous part of this article laid down a basic premise that the purpose of security isto protect people, not computer systems or data. Let’s continue our exploration of internal threats. This is a policy issue that calls for involvement by a wide range of actors throughout society, of course. Policy-makers have apparently already decided that it is socially beneficial–or at least the most feasible course economically–for clinicians to share data with partners helping them with treatment, operations, or payment. There are even rules now requiring those partners to protect the data. Policy-makers have further decided that de-identified data sharing is beneficial to help researchers and even companies using it to sell more treatments. 

Read More »