In a WikiLeaks World, How Can Healthcare Providers Keep Our Private Records Private?

In an era when data from bank transactions to grocery purchases is stored digitally, it’s unfathomable, but true, that our medical records are still largely recorded by hand and stored in paper files! Even when medical data is digitized, it is often stored onsite in computers that enable neither information-sharing across providers nor the analysis of data across patients.

That’s all changing now. With innovation in IT and a big push (including lots of money) from the federal government, more healthcare providers are making the switch to electronic health records (EHRs).

Sharing Healthcare Information is a Good Thing

The debate about EHR impact on healthcare costs continues, but there are two undeniable benefits of the transition from paper-based to electronic health records:

1) Qualitative: When a patient’s providers have universal access to a single source of medical data for the patient, they can better treat that patient in the context of what others have done or are doing.

2) Quantitative: By aggregating, sharing, and analyzing data about how patients respond to treatment under certain conditions (such as drug interactions), doctors can more safely and effectively treat their patients.

But It Means That Data Security is Critical

While proven to increase the quality of healthcare, the sharing of medical data requires that our records be stored on a centralized database that is accessible across providers. In other words, stored in a data center. So then, the question for patients becomes: “How can I rest easy that my most personal data is safe?”

When it comes to data center security, there are three types of threats: 1) exploitation (theft of information); 2) disruption (inability to access data); and 3) destruction (of data or systems). In today’s environment, explains IO Chief Security Officer Bob Butler, “Many data center operators are particularly exposed and vulnerable to those issues, because they have very little understanding of the industrial control system base that drives the IT within their data centers.”

Best Practices in Healthcare IT Security

So what is the best thing your healthcare provider can do to keep your medical data safe from exploitation, disruption, and destruction? A founding principle of IO’s Data Center 2.0 strategy is that the data center is the BEST and ONLY place for IT to meet today’s complex security challenges:

1) Physical security means understanding and managing power distribution, energy recovery, and environmental systems; maintaining access control both outside the data center (background checks, guards, CCTV) and inside the data center (man traps, biometrics, compartmentalization).

2) Cyber security means tying an operating system to the hardware side of the data center, to provide an interface that connects physical and logical security. IO.OS provides clients the ability to proactively monitor and manage data coming from tens of thousands of sensor points – and to take defensive action when necessary.

The adoption of EHRs, which has sped up as a result of government mandates and incentive programs, is a good thing; done right, EHRs have the power to improve the quality of healthcare. However (forgive the cliché), with great power comes great responsibility. Digitization, central storage, and mobile-enabled access to highly sensitive personal information all demand a comprehensive security solution. The data center must be that solution, and it can be with the IO integrated hardware and software platform.