Healthcare security should start with identity
Despite millions of dollars in potential fines, declining reputation and lost productivity, security spending in most hospitals still averages less than 4% of their total IT budgets. That’s according an article by Healthcare Informatics, which consisted of data gathered by KLAS Research and CHIME. The same report further outlined the state of provider preparedness when it comes to protecting sensitive health data.
Merely 16% of surveyed organisations reported having “fully functional” security programs. While another 43% admitted to either not having a security program or still developing one. Furthermore, only four out of 10 organisations have a vice president or C-level official in charge of cybersecurity. And finally, less than two thirds said security is discussed quarterly at board meetings.
These numbers suggest most providers still have a long way to go when it comes to addressing the reality of cyber security in 2017. That said, where should you start and where will you get the most bang for your buck? The answer is to start with identity where there are significant business benefits.
While news headlines are focused on unwanted intrusions by outsiders, it is important to remember approximately half of all healthcare data breaches in 2016 were attributed to insiders, whether due to malicious intent or by accident. And who are the insiders? They are clinical and operational employees, contractors, vendors and partners—all of whom require access to your data as part of their regular workflow.
- Ottawa Hospital: Transforming health care from the inside out
- MyHealth Centre: Quality patient experience
- Apollo Hospitals: Personalizing healthcare with technology
By placing identity at the centre of a hospital’s or health system’s cybersecurity program, you gain complete visibility and control over who has access to critical applications and data, including the EHR system. When done properly, managing access will strike a perfect balance between the need for strong security and the need for streamlined clinical and operational workflow. Ultimately, this enables providers to focus on what they do best—delivering patient care.
Molina Healthcare, for instance, has 20,000+ employees and a complex hybrid-IT environment with applications running in the data centre and in the cloud. Aligning security efforts around identity enabled them to implement a self-service access request process, which streamlined IT processes and reduced business-user frustration by speeding delivery of access to applications and data. Furthermore, because claims processing is a large part of Molina’s business, speeding up this process has provided great value to the organisation. Finally, because identity became a central focus, IT gained visibility into who has access to what data, and the ability to ensure users have the right access to the right data at the right time.
For healthcare providers, Molina serves as a great example of how identity governance and access management not only helps providers secure sensitive health data, it streamlines clinical and operational workflows.
COVID-19 app for NHS staff launches as restrictions lift
A new app has launched today to support UK hospital staff who have been redeployed to care for COVID-19 patients.
The Acute COVID app has been co-developed by Chelsea and Westminster Hospital NHS Foundation Trust and its charity CW+, along with health tech company Imagineear Health.
It provides information to healthcare staff via a step-by-step guide, aimed at both doctors and nurses. This includes the different stages of COVID-19 so they have guidance around triage at A&E, hospital admission, in-hospital treatments, and advanced care management.
The app also provides training on non-invasive ventilation. In the first wave of the pandemic the numbers of patients needing this type of ventilation led to staff who would not normally administer this to patients having to do so.
Additionally the app signposts staff to where they can access mental and physical wellbeing support, acknowledging the levels of staff burnout, particularly among frontline staff, the pandemic has created.
The launch of the app comes on the same day England lifts its COVID-19 restrictions, labelled "freedom day" by some. However infection rates have soared in recent weeks and the move has been fiercely opposed by scientists and doctors, both in the UK and abroad.
In a letter published in medical journal The Lancet backed by 1,200 international scientists, experts called the unlocking "a threat to the world", as allowing infection rates to rise enables the virus to mutate and potentially become resistant to the vaccination.
At the weekend the newly appointed health secretary Sajid Javid announced he had tested positive for coronavirus, and both Prime Minister Boris Johnson and the chancellor Rishi Sunak are self-isolating.
Meanwhile in the first week of July more than 500,000 alerts were issued by the NHS Covid-19 app telling people they had been exposed to the virus. As a result businesses are considering cutting their opening hours while staff are self-isolating at home. The government has issued guidance saying that fully vaccinated frontline NHS staff in England will be allowed to carry on working even if they've come into contact with someone with COVID-19.