Urgent care: Safeguarding data at health care providers

Still, he says, the biggest risk is the sheer diversity of its networks. “It's difficult to unpack all the different processes,” Lacey says. However, he says the health care industry is making strides in pulling together its clinical and billing applications, consolidating systems and applications in a way that will make them more accessible to physicians and care providers. “We're reducing a lot of complexity and incompatibility…which is most encouraging,” he says. 

Embracing new technologies, as well as streamlining legacy systems, is becoming increasingly important to health care organizations, according to a late 2011 survey of 1,000 U.S. adults by PwC's Health Research Institute. Twenty-eight percent of those polled said they would select a health care provider that offered online doctor consultations over ones that did not, and 17 percent said that whether the facility offered an electronic health record would affect their decision. Further, health care organizations may need to consider the impact of Facebook and Twitter on their information, as almost one-third of all respondents, including half of those under 35, say they have used social media for health care reasons. 

One of the most challenging aspects of the HITECH Act has been that patients now have the right to obtain a copy of their data in the format of their choice, or even ask a provider to transmit the data to a third party that they identify, says Barbara Bennett, partner in the privacy and information management group at Hogan Lovells, an international law firm. 

“There's a lot of deference to the patient's choice,” Bennett says. “This raises the issue of security: If a patient wants you to email their medical record to a friend or their aunt or Facebook, how do you do that securely?”

Daniel Berger, CEO of RedSpin, an IT security assessment company, says that in the face of increasing technological and regulatory demands, the health care sector has gone from being 10 percent of his business three years ago to representing more than 70 percent of his client base now. “The HITECH Act drove a great need for security,” he says. “It breathed new life into the [HIPAA]security assessment rule.”

Under the HITECH Act, health care organizations are incented to implement electronic health records (EHRs) – a change that will make patient information more easily portable and accessible. But, as Berger points out, this step also makes this sensitive data much more concentrated and potentially susceptible to hackers.

Larry Warnock, CEO of Gazzang, a cloud and Big Data security vendor for health care, says hospitals have been “nervous” about leveraging technologies like cloud computing. But as the pressure mounts for health care organizations to make their information both more portable and more secure, Warnock says more of them will come around to embracing these technologies. “Very few health care companies use their IT department as a differentiator,” says Warnock. “That will change.”