November 1, 2009
Healthcare IT security administrators face the enormous challenge of creating a system that provides governance over IT systems, minimizes the risk of a security breach, and ensures compliance with the law. Healthcare providers and health insurers face more regulations and greater data security risks than ever before. Many are relying on role-based access governance solutions to help them overcome this growing challenge of risk reduction and compliance.
Whether you're in the healthcare or health insurance business, you have a serious responsibility to safeguard IT systems and data. You have to protect them from identity theft, financial fraud, competitive spying, and even employee snooping. You must also provide accountability to regulatory agencies concerned with your organization's compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX).
The information that must be protected encompasses patient data, insurance data, personnel files, payroll, financial reports, research, and even email. Failing to secure this information can mean huge fines, lawsuits, and the long-term loss of your customers' trust. Yet providing adequate security in a manner that is not burdensome to employees can be a major challenge. This push for greater healthcare IT security becomes more challenging when one considers how mobile healthcare workers often are. For example, teaching hospitals get a seasonal influx of medical interns who all require accounts. This produces a backlog of users who need network and application access for their jobs. Some then wind up borrowing co-workers' IDs, creating a major security risk.
Healthcare organizations need a solution that quickly delivers the appropriate security access permissions required by employees based on their job functions and provides:
- Who has access to what healthcare applications
- Who and when the access was granted
- Why the access was granted
- Accountability
According to a survey by the Ponemon Institute reported in Insurance Technology, the average cost of a healthcare IT security breach is $6.3 million, and for financial services firms these costs tend to be even higher, as high as $35 million in some cases.
