New healthcare IT compliance service protects electronic medical records

The healthcare industry has the highest mobile intensity of all industries. According to Forrester Research, 89 percent of healthcare businesses are highly mobile. Unfortunately, Forrester also reports that 31 percent of these businesses had an instance of data loss in 2009. As a result, 63 percent rank "understanding the risks and vulnerabilities" as the top challenge when it comes to mobile devices. Now there is a new cloud-based IT compliance service that aims to mitigate the risks and reduce the vulnerabilities that are specific to healthcare businesses. Get a free trial of the service and see if it's right for your business.

I've been seeing the same general practice doctor for about 15 years. The last time I saw him, I noticed he carried a tablet PC instead of the usual thick paper-based folder full of my medical records. I commented on the switch to electronic medical records (EMR) and he said, "I was a holdout but my staff forced me into it."

He's not the only doctor to be toting a tablet PC instead of a plain old tablet of paper. The Congressional Budget Office forecasts that 90 percent of doctors and 70 percent of hospitals will be using comprehensive EMR within the next decade. Government stimulus incentives as high as $44,000 per physician are encouraging medical practitioners to adopt EMR technology. The hope is that electronic records will reduce healthcare costs as well as medical errors.

The HITECH Act: What you need to know about new data breach guidelines

The movement toward electronic health records is both encouraging and frightening. On the plus side, I like that my digital health records can easily be shared with other physicians should the need arise. In an emergency, I'd want my attending physician to know as much about me as possible without having to wait for a copy of paper records.

Advertisement

On the down side, however, I'm concerned about the possibility of a data breach. Apparently this concern is warranted. According to market research firm Javelin Strategy & Research, data theft and other fraudulent activities related to the exposure of EMR data more than doubled in 2009. There were more than 275,000 cases of theft of medical information in the United States in 2009. Javelin expects that incidents of fraud will continue to increase as more medical providers increase their use of EMR.

Why are thieves so interested in medical records? They don't really care when you had your last tetanus shot, or that you had bronchitis two years ago. What they are looking for is your Social Security number, addresses, medical insurance information, and credit card or other payment information -- the items that enable identity fraud or insurance scams.

The problems of identity fraud stemming from the breach of medical data can be worse than the loss of other types of sensitive data. For example, it takes twice as long to detect medical information fraud than it does other sources of data fraud, including retail information. This gives thieves a larger window of opportunity to misuse the sensitive information.

While doctors are rushing toward electronic medical records, the Health Information Technology for Economic and Clinical Health Act (HITECH) imposes stringent regulatory requirements under the security and privacy regulations of HIPAA, the Health Insurance Portability and Accountability Act. HITECH sets steep penalties for HIPAA violations due to "willful neglect." In the case of a data breach, careless mistakes can become public and costly and can force a physician out of business in little time.

Recognizing that many doctors' offices don't employ IT security specialists, Fiberlink Communications recently launched a new service aimed specifically at the healthcare market. The MaaS360 Healthcare IT Compliance Service is a fully online service for large and small healthcare organizations to manage the mobile devices that are used to collect and access digital records.

This service is built on Fiberlink's MaaS360 Platform, which is a cloud-based enterprise mobility platform. It encompasses connectivity, security and compliance for mobile users, essentially becoming a LAN without the restrictions of physical connections. The solution is ideal for businesses with mobile users who need the protections of firewalls, antivirus software, data encryption, secure connectivity and software updates, even though the users are frequently disconnected from their company's network.

Fiberlink has added additional services specifically for the healthcare industry, which has the highest mobile intensity of all industries. According to Forrester Research, 89 percent of healthcare businesses are highly mobile. Unfortunately, Forrester also reports that 31 percent of these businesses had an instance of data loss in 2009. As a result, 63 percent rank "understanding the risks and vulnerabilities" as the top challenge when it comes to mobile devices. The Fiberlink service aims to mitigate the risks and reduce the vulnerabilities.

Fiberlink's Healthcare IT Compliance Service collects data from the mobile devices and sends it to a central management portal. The data collected includes hardware and software installed; the state of endpoint and data security applications running on the systems; versions and dates for patches and antivirus signature files; and information about VPN usage and connections to the Internet. This information is compared to policies established by the business, and information about non-compliant endpoints is collected in a "My HIPAA Compliance Watch List" that is published daily. This watch list is an easy way to determine which mobile devices pose a security or compliance risk, and what to do to remediate the problem.

Because the total management solution is hosted by Fiberlink, customers don't have any new capital costs or infrastructure to manage. In fact, new customers can try the service for free for 30 days here.  

Knowing how anxious my doctor was about having to use a mobile device for making his rounds, I plan to tell him about this Fiberlink service the next time I see him. At least it might allay his fears of a data breach that could be devastating to his business.

Learn more about this topic

VA closes Web portal to eHealth records, cites data errors

British Medical Association in renewed attack on NHS records

Sunnybrook digitizes patient records
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.