Successful Strategies for Healthcare Security & Privacy
Thursday, 21 April 2011
Improving the quality and reducing the cost of patient care depends on digitizing healthcare workflows and moving to electronic patient records. These records are a type of sensitive information, also referred to as electronic Protected Health Information (ePHI). Sensitive information in electronic form presents new vulnerabilities compared to paper-based equivalents.
The security and privacy risks associated with sensitive information are increased by several growing trends in healthcare, including clinician mobility and wireless networking, health information exchange, cloud computing, "bring your own computer", and the use of Personal Health Records (PHRs). The sophistication
of malware and security threats is increasing. Compounding these challenges are the limited budgets that healthcare organizations typically have available to mitigate risk, coupled with the rising consequences of failure to safeguard sensitive information.
This whitepaper describes an industry-standard approach that healthcare organizations can use to assess risks and identify security and privacy needs. We also share a multilayered, defense-in-depth strategy that can help healthcare organizations mitigate risks throughout the threat lifecycle to protect the confidentiality, integrity, and availability of sensitive information. With this foundation in place, we discuss specific security and privacy needs for healthcare organizations and describe several Intel® technologies that
can help address these needs:
Mitigating loss or theft of sensitive information
Protecting sensitive information at rest, in transit and in use
Protecting access to sensitive information with strong authentication
Thoughts, comments, news, and reflections about healthcare IT from Microsoft's worldwide health senior director Bill Crounse, MD, on how information technology can improve healthcare delivery and services around the world.
Improving the quality and reducing the cost of patient care depends on digitizing healthcare workflows and moving to electronic patient records. These records are a type of sensitive information, also referred to as electronic Protected Health Information (ePHI). Sensitive information in electronic form presents new vulnerabilities compared to paper-based equivalents.
The security and privacy risks associated with sensitive information are increased by several growing trends in healthcare, including clinician mobility and wireless networking, health information exchange, cloud computing, "bring your own computer", and the use of Personal Health Records (PHRs). The sophistication
of malware and security threats is increasing. Compounding these challenges are the limited budgets that healthcare organizations typically have available to mitigate risk, coupled with the rising consequences of failure to safeguard sensitive information.
