CHAPTER 13

Healthcare Information Technology Security

Information technology (IT) is transforming the delivery of healthcare. The adoption of Electronic Health Records (EHR) is moving U.S. healthcare from a paper-driven system into a new era where health information can be instantly transmitted and shared. Overall, health information must be kept confidential, have high integrity, be accurate to a life-critical standard, and be available every time and every place it's needed. Other purposes of health IT data include improving healthcare quality, reducing costs, and improving population health, together known as the three-way goal.

More so than other domains, healthcare data is controlled by many legal and regulatory constraints. In 2009, the American Recovery and Reinvestment Act (ARRA) became the first federal data loss law, and it applies only to healthcare data.

If a removable storage device or mobile device containing unencrypted data is misplaced, lost, or stolen, a data loss is assumed (the worst-case scenario) and legally mandated requirements for notifying subscribers are invoked. Stories about data loss are constantly in the news; all it takes is one lost tablet or laptop for data to be compromised.

Privacy is a key requirement within healthcare information technologies, and it has a narrower meaning than cybersecurity. In healthcare, privacy emphasizes the confidentiality aspect, whereas in other IT realms, privacy includes integrity and availability ...
