Evolving information threats make HIPAA Security Rule necessary

Feb 17, 2005

DALLAS - Healthcare organizations continue wrestling with HIPAA compliance issues, yet still face impending security regulation deadlines. Told they must implement specific provisions, many still question the rationale behind the U.S. Department of Health and Human Services (HHS) security requirements.

At the Healthcare Information and Management Systems Society (HIMMS) conference this week, Keith Fricke, data security administrator for the east region of Cleveland Clinic Health System, explained the necessity behind HIPAA's Security Rule.

Fricke's statistics revealed high levels of vulnerability facing networks. According to studies conducted by the U.S. Federal Trade Commission, identity theft and fraud increased by 149% between 2001 and 2003. Citing further evidence of the need for heightened security, he said that hospitals were rated the fourth-highest target for hackers in a 2002 survey.

Given the staggering numbers, Fricke concluded that there is an increasingly high level of risk associated with receiving healthcare in U.S. In addition, he said that the industry remains deficient in protecting private information.

"Healthcare lags far behind the financial industry in terms of protecting information," he said.

He advised that a successful means of obtaining organizational buy-in to security compliance efforts is to reinforce the reality that most healthcare workers are likely patients of the organizations in which they work, and accordingly, have a vested interest in securing their information.

Fricke listed today’s major information security threats as:

  • Internet reconnaissance
  • Viruses and worms
  • Social engineering
  • Wireless communication
  • Mobile computing

Internet reconnaissance provides two types of targets: the opportunity target and the intentional target, he said.  Opportunity targets are sought out by those randomly attempting to locate vulnerabilities, while intentional targets are sought by those with prior knowledge of network vulnerability.

Information on these network vulnerabilities is often placed on Web sites and used by individuals in different ways and for different purposes, according to Fricke. Likewise, virus and worm programs are developed and posted on the Web for multiple reasons.

Some viruses and worms are cleverly distributed through e-mails with intriguing subject lines requesting the recipient to visit different Web sites. Upon visiting the site, these malicious viruses or worms may invade a user's system and deploy functions such as keystroke logging, and subsequently transmit private information such as passwords, credit card numbers, and social security numbers back to a pre-determined location.

These are the types of nightmares HIPAA's Security Rule was intended to address.

Fricke illustrated the ease with which wireless-network invasion can be accomplished, using antenna boosters and do-it-yourself boosters from plans on the Internet. He recommended educating the workforce on threats to network security, as well as implementing several different types of antivirus software to defend against network vulnerabilities.

"Computers change all the time, and new viruses are being created on a daily basis. As healthcare organizations start driving remote access, the physical walls of the organizations begin to disappear," Fricke said. He emphasized that there is an industry responsibility to educate providers and patients on security threats existing today, in an effort to ensure information privacy and security.

Throughout his presentation, Fricke stressed the overarching need for information security.

"The HIPAA Security Rule helps ensure that healthcare organizations protect the confidentiality, integrity, and availability of electronic protected health information," he said. "Security enables the use of technology to deliver improved patient care. Security makes privacy possible."

By Kris Knight
AuntMinnie.com contributing writer
February 18, 2005

Related Reading

Seven-step approach offers help for HIPAA integration, February 14, 2005

A practical approach to HIPAA security compliance, February 10, 2005

HIPAA security: IHE guidelines help ensure compliance, November 26, 2004

HIPAA compliance encountering rocky road, August 30, 2004

Analysts offer advice on keeping HIPAA security compliance simple, March 12, 2004

Copyright © 2005 AuntMinnie.com

Latest in IS
2017 03 30 15 16 56 745 Mammogram Calendar 400
Can self-scheduling and referral close breast cancer screening gaps?
July 31, 2023
2018 11 19 17 20 4754 Back Pain 400
Simple EHR intervention reduces unnecessary lower-back x-rays
July 30, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Amazon Web Services releases imaging data platform
July 25, 2023
2021 06 16 23 10 5735 Student Doctor Laptop Test 400
Online course teaches students about appropriate imaging use
July 19, 2023
Related Stories
Merge
IS
Merge eFilm
Ris
IS
Clinical specialization, connectivity keep RIS vital
Witt
IS
Witt Biomedical
Netris
IS
net-RIS
More in IS
Can self-scheduling and referral close breast cancer screening gaps?
By Amerigo Allegretto
Online patient portal self-scheduling and self-referral methods can help mitigate health disparities in breast cancer screening, according to research published July 26 in the Journal of the American College of Radiology.
July 31, 2023
2017 03 30 15 16 56 745 Mammogram Calendar 400
Simple EHR intervention reduces unnecessary lower-back x-rays
By Kate Madden Yee
A relatively simple electronic health record (EHR) intervention reduces the incidence of unnecessary x-rays for patients presenting with low back pain, a study published July 28 in the Journal of the American College of Radiology has found.
July 30, 2023
2018 11 19 17 20 4754 Back Pain 400
Amazon Web Services releases imaging data platform
By AuntMinnie.com staff writers
Amazon Web Services has launched an imaging data platform for storing, accessing, and analyzing medical images at petabyte scale.
July 25, 2023
2020 01 28 20 45 5229 Cloud Computing Laptop 400
Online course teaches students about appropriate imaging use
By Amerigo Allegretto
An online elective course can effectively educate radiology students on the concept of appropriateness in medical imaging, according to an Israeli study published July 18 in Academic Radiology.
July 19, 2023
2021 06 16 23 10 5735 Student Doctor Laptop Test 400
CMS proposes radiology reimbursement cuts, AUC pause for 2024 MPFS
By Erik L. Ridley
In what has seemingly become an annual event, the U.S. Centers for Medicare and Medicaid Services (CMS) has once again included radiology reimbursement cuts in its Medicare Physician Fee Schedule (MPFS) Proposed Rule.
July 13, 2023
2019 07 31 17 01 7432 Medicare Puzzle 400
Summary reports improve CT planning for ovarian cancer surgery
By Kate Madden Yee
A synoptic, or summary radiology report, improves pretreatment CT planning for patients with advanced ovarian cancer compared to a simple structured report, according to a study published on July 12 in the American Journal of Roentgenology.
July 12, 2023
2023 07 12 19 50 6142 2023 07 12 Ajr Ct Ovarian 400
PET/CT shows value in patients with portal vein thrombosis
By Will Morton
PET/CT could be a valuable new imaging technique for distinguishing benign from malignant portal vein thrombosis in liver cirrhosis patients, according to a group in Egypt.
June 26, 2023
2023 06 22 23 04 9721 2023 06 23 Pet Pvt 20230622231003
Ransomware affects emergency radiology workflows
By Amerigo Allegretto
Ransomware attacks have a significant effect on emergency radiology workflows, as well as on acute care delivery and the personal well-being of healthcare providers, according to a study published June 15 in the Annals of Emergency Medicine.
June 19, 2023
2021 08 10 16 10 2928 Cybersecurity Lock V2 400
SIIM: Can Microsoft Teams lessen radiologist interruptions?
By Erik L. Ridley
AUSTIN, TX - Asynchronous forms of communication such as Microsoft Teams are much less disruptive to radiologists than phone calls or in-person visits, according to a talk delivered at the annual Society for Imaging Informatics in Medicine (SIIM) meeting.
June 18, 2023
2020 04 16 18 17 3383 Radiologist Ct Scan Brain Tumor 400
Turing debuts MRI visual feedback module at ISMRM 2023
By AuntMinnie.com staff writers
Neuroimaging software company Turing Medical Technologies (formerly Nous Imaging) used the venue of ISMRM 2023 in Toronto to launch FIRMM-pix, an in-bore visual feedback module designed to actively reduce head motion during brain MRI scans.
June 8, 2023
2023 01 30 21 50 9506 Computer Display Monitor Lab Mri V2 400
ImagineSoftware acquires Within Health
By AuntMinnie.com staff writers
Radiology billing and RIS developer ImagineSoftware has acquired artificial intelligence software developer Within Health. Terms of the deal were not disclosed.
May 23, 2023
2020 08 20 17 37 8876 Business Handshake Man 400
DetectedX touts learning platform success
By AuntMinnie.com staff writers
DetectedX is highlighting that the user base for its Radiology Online Learning Centre has exceeded 4,500 users, which the company says range from large radiology groups to individuals around the world.
May 3, 2023
2020 06 16 22 09 9134 Doctor Virtual Meeting Laptop Computer 400
Page 1 of 603
Next Page