The RISK TO OUR PERSONAL HEALTH RECORDSMarch 10, 2011 No Comments
By Thomas Knight, VP of N. America, AuthenWare™ Corporation
Today we live in an environment where we are constantly analyzing the economics of investing in security and determining the value of the assets that we are protecting. In healthcare today, there is an ever increasing concern with protecting patient privacy as nurses, technicians, doctors, billing clerks, payers, providers and many others have practically unlimited access to their private information. The biggest disappointment that I have with HIPAA is that it offers healthcare organizations a rare opportunity to update their technology platform with best practices, proper procedures and policy enforcement, but very few have actually done so. Too many times the concern of business continuity or ease of use for medical workers drive the strategy and deployment of secure infrastructure, applications and platforms for healthcare enterprises. It is estimated that the healthcare invests approximately 2% of its revenues towards Information Technology, while other industries such as financial services invest nearly 10%.
Healthcare demands large amounts of trust related to the handling of confidential patient propriety data. The dramatic increase in patient information that has been compromised will eventually accelerate the need for providers to invest more solidly in Electronic Medical Records. Luckily, the American Recovery and Reinvestment Act of 2009 has provided incentives for them to fuel EMR investment, primarily through the HIPAA High Tech legislation.
As organizations continue to utilize the userid & password paradigm as the primary way that data is accessed, it is imperative that all enterprises, hospitals and care providers incorporate additional layers of identity authentication to ensure that data remains safe and confidential. Strong multi-factor authentication will protect patient privacy and provide secure access to information in electronic personal heath records. Incorporating keystroke dynamics offers a transparent approach that will dramatically improve secure access to information. It also fulfills the strong security requirement by providing “something you have” in addition to the “something that you know” norm. AuthenWare deploys innovative technology that will identify whether a user of a set of credentials is in fact the rightful user of those credentials or not. In doing so, we significantly increase the protection of healthcare data by preventing access by anyone who has inappropriately acquired a users’ credentials.
It is with this in mind that the protection of privacy and the security of the patient information online be finally be ensured. The usage of a multi-factor authentication technology such as keystroke dynamics would have eliminated the types of breaches that were attributed to the use of login credentials such as the 400,000 health records compromised in Puerto Rico, the 15,000 Social Security numbers stolen from computers at the State of New York’s Office of Temporary Disability Assistance, or through the password-stealing Kroxxu botnet.
Diligence, investment and enforcement of policy can help us have the most secure and trusted healthcare system of digital medical records.
Thomas Knight’s blog post for Authenware can be found here: Authneware Security RedefinedFresh Ink, SECURITY