Medicexchange.com News

Patient data confidentiality and Institutional security will continue to be at risk if proper care is not taken while, transferring data from paper to digital Ericka Chickowski from darkreading writes on Apr-30th.

Surveys recently conducted revealed that,

1. The adoption rate of EMRs within U.S. medical offices grew higher.
2. Low budgeted healthcare organizations have increased their EMR use,
3. Fraud based on exposure to health data ALSO rose.

Deke George, CEO of NetSPI, (a security consultancy with healthcare client base) are of the opinion that, Even the resourceful healthcare organizations, with established databases, are yet to catch up with their counterparts in other industries, in terms of security of data. “There are many healthcare environments that still haven’t even put in DMZs,” he says. “From just a logical separation within the larger environments, these organizations are not necessarily segmenting off their databases.” Scores of significant data is scattered around, across numerous databases to collaborate, observe and research for healthcare informatics. Unsaved or loosely kept important patient data can also be found under test environments.

George says, “It’s more than a leak- what ends up happening is there’s a lot of data warehousing and there’s a lot of information that is in one database, but it gets spread around because it needs to be used for healthcare informatics in other uses. So you have all of these databases that just multiply, whether it’s because the applications themselves grow or the use of the database information grows from the native database to the data warehouse to other types of systems that now need this information.Everyone says up front that they don’t have real information in their test environments, but I would say probably 50 percent of the time we find that test environments contain live information,” Thus, understanding the value and location of the data and allowing authorised access to them, are meant to improve data confidentiality management according to him.

However, Josh Shaul, vice president of product management for database and application security vendor Application Security Inc adds, “…In the end we’re all securing data in databases and Oracle, SQL Server, and Sybase. They work the same whether you have your secret recipe in them or you have your healthcare information in them or you have credit card data in them.”