By Jim Keener for Health IT Outcomes
A recent survey of healthcare executives revealed employee awareness as their greatest cybersecurity concern. Even if comprehensive educational programs are already in place, it can be difficult for hospital administrators to stay on top of the latest IT security challenges and solutions. This is partially due to how busy physicians and care teams are on a daily basis, but it’s also a result of how quickly the nature of security threats can change from day to day.
Healthcare IT security risks made headlines earlier this year due to a ransomware attack that spread through hospitals across the globe, and incidents like this serve as a reminder of how critical it is for hospitals to stay in the loop on the latest data security challenges and solutions. To help healthcare professionals take the first step towards educating themselves, here’s a quick overview of the high-level IT security issues facing hospitals today.
Maintaining System Performance
Hospital IT systems need to be air-tight to minimize the risk of security threats. However, these systems have to maintain an appropriate balance between security and performance. Physicians are under immense pressure on a daily basis, and they need to be able to access and upload data to the various systems they use with reasonable speed and ease. There are many ways technology vendors can help ensure hospital systems are both protected and functional. For example, an increasing number of technology companies are migrating their servers to private clouds that offer methods for remotely controlling the level of performance power. This provides the ability to securely boost performance when hospitals need faster system access.
Boosting System Functionality
Hospitals should also take system functionality into consideration when evaluating IT security. A typical physician may spend up to half of their day performing administrative tasks, and the best systems should help them prioritize and complete these jobs as efficiently as possible. These expanded functionalities should lessen the burden of administrative tasks so physicians can spend more time on patient care, and in some cases they can also help minimize security risks. For example, doctors could greatly benefit from using a secure chat tool built into their hospital’s system infrastructure that allows them to securely discuss case developments with care teams and consulting physicians. A system with this level of functionality prevents care teams from sending unsecure emails or text messages containing sensitive patient information.
Adapting To System Innovations
Technology is constantly evolving, so a hospital’s security measures should adapt to maintain a high-degree of protection as new modules or software platforms are added on to a central system. As an example, mobile devices are one of the biggest developments that IT specialists have had to account for in recent years. As more physicians and staff members use mobile devices to capture patient data, hospitals will have to take measures to ensure data stored on these local devices is encrypted until it can be uploaded to the central system.
Supporting Wireless System Infrastructure
As mobile devices and wireless systems become the norm, healthcare practices will have to accommodate the limitations of this technology into their infrastructure plans. Hospital buildings have particularly unique construction requirements, such as needing lead walls in x-ray rooms, and these can potentially interfere with wireless system and device performance. To accommodate these needs, hospital IT infrastructures should be built to ensure there are no rooms or sections of a building where spotty mobile coverage could lead to data corruption.
Educating Hospital Staff
Overcoming IT security challenges is about more than having the right technology – it requires action from nearly every level of a hospital’s staff. It all starts with education and regular reminders to care teams about best practices. For example, every staff member should be trained on proper protocol for sending emails or other messages containing patient data. Additionally, everyone should be reminded of day-to-day actions that can contribute to a more secure facility. These actions can include setting a screensaver for unattended computers, regularly changing passwords, locking computer access when users are away and shredding paper files that contain sensitive information. To seasoned IT professionals, these are rudimentary items, but it’s critical to ensure every care team understands and executes these best practices to protect patient data and information.
Ultimately, IT systems should help care teams focus less on conducting administrative tasks and more on patient care. However, this doesn’t mean hospitals can install the latest technology and move on. Data security challenges are constantly changing, and hospitals can address them through combining the proper IT infrastructure with regular staff training and communication.