Health information management and IT: Crusaders who protect what matters

Protecting information is a hot topic. I just read an alarming article that it cost a New York hospital nearly $15 million to recover from a massive cyber attack. For six weeks, the hospital worked with pen and paper until its systems were back online – returning to manual processes that hadn’t been in place for 20 years.

I also recently heard about a member of a health system’s Board of Directors who was caught in a phishing scam. Neither that New York hospital, nor that board member, were casual about security. As they say – it can happen to anyone.

In order to respond to how data is collected, utilized, stored and protected, the healthcare industry is constantly evolving. Because this information is extremely valuable.

In fact, “A stolen medical record is worth 10 times more than a stolen credit card,” according to Russell Branzell’s article, Maximizing BOTH IT and Cybersecurity: Is it Possible?

Considering how much information a medical record contains, I think they’re worth more than that. After all, it’s easy to shut down a compromised credit card number. But, a medical chart? That’s another story.

Medical record security

Hospitals must embrace evolving technology while protecting themselves and the information they house. One approach is to encourage their Health Information Management (HIM) and IT departments to work together in a more collaborative fashion. Both departments have complimentary goals and objectives, including establishing policies, determining accountability for managing information and protecting information with appropriate controls.

These departments value information, data and technology as strategic assets to the organization, so you need to give them resources to keep it all secure.

Responsible for maintaining the integrity of the chart, HIM staff must know where the data and information are stored. Granted, this becomes increasingly difficult as data and information take on different forms – including photos, videos, X-Rays, MRIs, etc. – but, whether stored in a single enterprise platform or in multiple data silos, the HIM department knows where to look for information. Often, HIM staff know about departmental software solutions and hardware that IT does not.

HIM and IT: Better together

By working together, HIM and IT can perform a complete inventory and create a roadmap to move the support and maintenance of all systems to IT. The HIM department can also help IT evaluate software currently in use to determine if it’s possible to consolidate systems to eliminate data silos and reduce IT sprawl.

Once the inventory and system consolidations are complete, HIM and IT can work together to review privacy and security policies. While privacy policies detail who is authorized to see patient information and under what conditions, security provides the controls to enforce those privacy policies.

Monitoring audit logs definitely helps HIM and IT determine if a security breach has occurred. But rather than waiting for a breach to occur, HIM and IT should be proactive about preventing one. You can accomplish this by proactively upgrading and patching hardware and software to reduce the security risks to the organization – and by being vigilant. The bad guys keep getting smarter and it’s going to take all of us to defeat them.

If you would like more information on this topic, please register for our webinar: The Role of Health Records in IT Governance. We will make a recording available so you can watch when your schedule allows.

Laura Pietromica

Laura Pietromica

Working in the healthcare field for more than 16 years, Laura Pietromica has spent the past nine years with Hyland’s Healthcare division. Prior to joining Hyland, Laura was the lead system administrator responsible for overseeing the software platform used in all endoscopy departments at a large multidisciplinary academic medical center in the USA. Since joining Hyland, Laura shares her time working with customers to strategically plan projects, consult and develop long-term solution roadmaps. Laura has a Bachelor of Science degree in Communication from Ohio University is a HIMSS Analytics certified EMR Adoption Model educator and holds certificates in Document Imaging Architect (CDIA+) and Enterprise Content Management Practitioner (ECMp).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may also like...