White House Report Addresses Security Of Healthcare Exchanges

Strong authentication, encryption, log auditing key to keeping electronic healthcare information safe

Healthcare breaches rose dramatically this year, while new data shows securing patient data is a low priority at most healthcare organizations -- all amid the backdrop of the industrys adoption of electronic medical records (EMRs).
Meanwhile, the White House appointed Presidents Council of Advisors on Science and Technology (PCAST), which includes experts from academia, nongovernmental organizations, and industry, published a report late last week that calls for the federal government to set up a universal standard of sorts for the secure exchange of health information electronically among various hospitals and institutions, as well as ways to fund the development of healthcare information exchanges.
Among the key concerns in the healthcare industrys transition to EMRs is the security of so-called healthcare exchanges -- networks that serve as the vehicle whereby doctors, labs, insurance companies, and other related parties share patient information electronically.
Steve Archer, head of Verizons Innovation Incubation Group, says he thinks the movement to electronic health records ultimately will improve the security and privacy of patient data. It has to get better when you look at the whole ecosystem of healthcare, Archer says. But with all of the parties coming online, including major physician groups, healthcare organizations, and even small doctors offices, theres bound to be some weak links initially, he notes.
The bottom line is healthcare providers gather more than just medical records. They are collecting personal, medical, and financial information, he says. Theyve got all of this coming together, so theres a rich opportunity for bad people to do malicious things with it. So security has to be made stronger and tighter.
Rick Kam, president of ID Experts -- which commissioned a recent Ponemon Institute study on healthcare security that found the healthcare industry is now suffering breaches to the tune of $6 billion per year, yet 70 percent of healthcare organizations say securing patient data isnt a priority -- says healthcare exchanges as well as small to midsize healthcare practitioners are the biggest security risk in EMRs.
Verizon, meanwhile, is offering the 2.3 million healthcare provider members of its own Medical Data Exchange free multifactor, strong authentication. Stronger identities is of the big requirements for making healthcare exchanges more secure for patient information-sharing, Verizons Archer says.
The White Houses new Realizing the Full Potential of Health Information Technology to Improve Healthcare for Americans: The Path Forward recommendations are an important step toward helping make the move to EMRs more secure than the status quo, according to Archer.
In order for electronic sharing of health information, youve got to have standards people are going to follow, he says. And requiring stronger authentication, encryption, and auditing of logs are also a big piece of the security and privacy puzzle here, he notes.
It all comes down to nonrepudiation -- audit logs, digital signatures, [and] the ability to see, manage, and maintain with a higher level of confidence of who is looking and where the information is being passed, he says.
The
PCAST report
(PDF) says the best way to manage and store healthcare data is to break it down into small, individual pieces that then be exchanged or aggregated using data tagging and metatag data. The report points to XML as a potential universal exchange language. Tagging data would also provide better privacy and security, according to the report. There would be no centralized federal database of patient health information, either.
Meanwhile, the
recent Ponemon Institute report
found that 40 percent of healthcare organizations learned they had been hit by a data breach after a patient complaint, and 63 percent of healthcare organizations took one to six months to resolve a breach. Overall, 56 percent have either fully deployed or are in the process of deploying an EMR system, and 74 percent of those that have them say it better secures patient data.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
White House Report Addresses Security Of Healthcare Exchanges