Securing health information exchanges
By George Chang June 27, 2014
- Need to connect in from various points within the healthcare value chain
- Challenges arise from different business functions taking place in the network
HEALTHCARE as we know it is changing quickly. Malaysian healthcare providers will soon be required to provide communication and collaboration platforms that allow seamless integration among the various stakeholders.
These changes in information flows, along with an explosion of digital content that needs to be stored and shared, are driving the need for a secure, flexible and scalable IT platform through which providers, payers and health sciences can support collaboration and information exchange.
At the same time, Health Information Exchanges (HIEs) are also becoming a more affordable means to transfer clinical information and other data.
The transition towards more patient-centric care and decentralised monitoring means providers, patients and payers need to access information that originates outside the hospital setting.
The trends toward personalised medicine, prevention, and wellness means stakeholders need to connect information from various points within the healthcare value chain − including providers, laboratories, payers, and patients.
The more this private information is opened to outside entities, the greater the chance that these systems can be compromised either intentionally or accidently.
Upcoming changes to the healthcare industry
The major challenges to a healthcare provider’s network arise from the different business functions increasingly taking place in their network.
Allowing patient and provider access to the network
As contradictory as it sounds, healthcare providers are now looking for ways to increase the access doctors, vendors, and patients have to applications and the Internet.
With new guarantees for patients regarding access to information and a focus on lowering costs through new initiatives like telemedicine, the entire healthcare centre is driving towards a more collaborative environment where all parties have access to the information they need.
The most obvious security concern with this approach is ensuring that sensitive information like protected health information (PHI) and payment information is kept separate and secured from general Internet and network traffic.
This requires encryption and wireless management technology coupled with traffic shaping technology to ensure that the appropriate treatment information is accessible and is always the top priority.
Increased use of clinical informatics to improve workflow
Along with the increased collection and flow of data, healthcare organisations are constantly striving to improve workflow, both physical and information. Improved workflows equal lowered costs, happy and productive caregivers and an environment that allows improved patient safety and quality care.
The key challenge from a security perspective is ensuring that only the required pieces of data are transferred and nothing more.
Constant contact through social media
It should come as no surprise that healthcare organisations are looking for ways to communicate with patients via mobile devices.
According to new estimates by research firm eMarketer, time spent using mobile devices for activities such as Internet and app use, music and others has more than doubled in the past couple of years.
With more patients getting their information and media through mobile devices, healthcare organisations understand that patients are managing their care through mobile devices and social media. Patients in the hospital and visitors are likely to be using social media to share updates with friends and family.
For the healthcare provider, the challenges with social media revolve around maintaining compliance with regulatory around maintaining compliance with regulatory mandates – ensuring that no sensitive information is compromised.
Other challenges around social media include keeping the network free from malware. Nurses, doctors, patients, and visitors are all bringing mobile devices on the network, significantly increasing the chances of infection from one of those devices.
Increasingly stringent compliance mandates
As a result of the increasingly sensitive data handled by the healthcare industry, regulatory requirements have been implemented to help increase the security of healthcare providers and associates as well as the data they protect.
In the United States, HIPAA (the Health Insurance Portability and Accountability Act) and the HITECH (Health Information Technology for Economic and Clinical Health) Act set up standards around protecting PHI.
Healthcare organisations also find themselves responsible for complying with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS provides broad requirements for securing personal non-public information used on digital technology in retail systems.
Towards a secure health architecture
All the challenges mentioned above require disparate functionality. Healthcare service providers need to evaluate their security needs at each of the following levels:
- Management level: Given the widely distributed nature of modern healthcare establishments, the ability to quickly modify and manage security appliances is essential.
- Aggregation level: The aggregation level is the destination for all data. Typically this is the hospital data centre. Core security functions such as firewalling, application control and VPN (virtual private network) termination take place at this level.
- Business associate level: The individual clinic, lab, doctor’s office, or any business associate requires security and connectivity for a wide variety of functions including WiFi, voice, and traditional network connectivity. With the addition of consumer connectivity, each associate much also be able to provide security functions such as antimalware and application control.
- Access level: As healthcare organisations extend access to providers using tablets and to patients using mobile devices, ensuring secure access is critical.
The entire healthcare industry is undergoing a dramatic shift designed to enhance the level of care provided to patients. The sensitivity of patient information has created the need for end-to-end security solutions throughout the entire healthcare network – from doctor’s offices all the way to the hospital data centre.
Healthcare providers can no longer afford to take security lightly. Only with security as the foundation can Malaysian healthcare organisations build IT services and applications that meet the requirements of the business and healthcare mandates.
George Chang is vice president for South-East Asia & Hong Kong at Fortinet, which provides network security appliances and unified threat management solutions.
All KPJ hospitals to be on the cloud by end-2015
Cloud fever grips Asia Pacific healthcare market
Cisco eyes healthcare, govt sectors in Malaysia
Mahindra Satyam, TechMatrix in Asean cloud-based healthcare pact
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.