As I see the seemingly endless reports of breaches, it does seem obvious that progress in the protection of healthcare still lags. HIPAA and HITECH certainly have spurred some action, but it’s obvious that the protection tactics aren’t sufficient to protect against the data thieves and hackers. And for the most part, the industry has begun moving towards more robust data protection strategies, as opposed to implementing point solutions. But the numbers mentioned by the Office of Civil Rights at HHS (50,000 breaches and 21 million patient records compromised since 2009) certainly lead me to question just how effective we’ve been at protecting data.
In answer to the seemingly endless parade of healthcare breaches come the new CMS Stage 2 rules. The new rule states “Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1), including addressing the encryption / security of data stored in CEHRT … and implement security updates as necessary and correct identified security deficiencies as part of the provider's risk management process.” The new Stage 2 CMS EHR rules’ emphasis on encryption for data at rest is certainly overdue given the industry’s track record and the costs associated with data breach notifications.
The good news for healthcare providers is that breakthroughs in encryption technology, including on-chip encryption acceleration, are making its use transparent to system users. Performance has been a roadblock to wide-scale adoption of encryption in the past. Fortunately, advances in encryption, such as those detailed in the whitepaper “Vormetric Encryption Performance Overview: Delivering More with Less,” have made implementation more practical than ever before.
I’d be interested to hear your thoughts on healthcare data protection. Please comment! What challenges do you see in protecting this sensitive data?