For Northwestern Medical Center and Alliance Community Hospital, protecting patient health has always been the priority. But in an increasingly paperless world, protecting patient privacy and the security of their electronic medical and billing records is becoming nearly as critical.
Healthcare providers are ethically and legally obligated to respect patient confidentiality. Facilities, networks and workstations all need to be protected against human error, unauthorized access and external attacks. Federal-funding requirements, and the steep penalties affiliated with the HIPAA security rule have made it all the more important to adhere to the letter of the law.
Industry breaches are mounting at an alarming rate. Breach reporting requirements tied to Meaningful Use incentives have revealed more than 900 incidents compromising the personal information of about 30 million individuals since 2009. Hackers recognize the valuable information contained in Healthcare related files, and are on the hunt for new, unprotected targets.
Unfortunately, keeping up with complex regulations intended to safeguard patient information is a time intensive and often ambiguous process. The HIPAA Security Rule alone includes over 60 components that are measured against 100+ controls established by the National Institute of Standards and Technology.
At Northwestern Medical Center, a 70-bed community hospital in Vermont, employees were working to improve compliance by comparing their policies and procedures to government regulations. IT Managers instituted new policies and processes designed to protect information, but did not have the benefit of knowing which practices had been proven effective and practical elsewhere.
The case was much the same when Alliance Community Hospital began to beef up security in preparation for its own Meaningful Use attestation. “As a small, community hospital, we have a small IT team that has to take care of day-to-day functions,” says Daniel Yarian, Information Technology Director for Alliance Community Hospital. “We couldn’t even consider doing this ourselves.”