Imperva says staff training is essential when medical records are concerned
According to Rob Rachwald, director of security with the data security specialist, recent research from PricewaterhouseCoopers found that 64 per cent of staff working with EHR data were unaware of whether or not their firm had suffered a data breach within the last two years (http://bit.ly/sS0NmX).
"Perhaps worse, only 58 per cent of healthcare providers and 41 per cent of health insurers reported including appropriate EHR usage as a component of their staff privacy training," he said.
"As I said in a recent security training posting, security training is a big deal as, without training, staff do not know how to properly handle data or, more importantly, how to respect that data," he added.
The Imperva director of security went on to say that you wouldn't give a gun novice a fully-loaded weapon without instructions, and similarly, you don't give a medical or healthcare professional a few megabytes of data - and expect it to be properly protected or destroyed.
Rachwald says that, against this backdrop, it is understandable that media reports on the Washington DC lobbying of Congress last week noted that IT security professionals agreed that, if the public are to trust their healthcare records, their healthcare employers need to develop database security best practices.
These best practices, he adds, are the same basic governance principles that any organisation - and not just those handling healthcare data - needs to develop in order to pass muster with the appropriate governance regulations.
But, says Rachwald, simply meeting the basic governance regulations is not the end of the story when it comes to organisations handling EHR data, as this simplistic approach is not going to garner the public's trust.
"Unless healthcare organisations train their staff - and not just their IT staff - in basic aspects of security, and help them understand the reasons why this security is so essential, data breaches involving EHR and allied data will continue to hit the headlines," he added.
For more on Imperva: www.imperva.com
For Rob Rachwald's latest opinion on EHR data security: http://bit.ly/tbD5Io
For more on the lack of EHR security: http://bit.ly/vUqwev