Imperva says staff training is essential when medical records are concerned

Redwood Shores, CA, (PresseBox) - Commenting on reports that healthcare and IT experts warned the US Congress earlier this month about security concerns surrounding the increasing use of EHRs (electronic health records), Imperva says that media reports and research point to a lack of understanding within healthcare organisations as to why EHRs need protecting.

According to Rob Rachwald, director of security with the data security specialist, recent research from PricewaterhouseCoopers found that 64 per cent of staff working with EHR data were unaware of whether - or not - their firm had suffered a data breach within the last two years.

"Perhaps worse, only 58 per cent of healthcare providers and 41 per cent of health insurers reported including appropriate EHR usage as a component of their staff privacy training," he said.

"As I said in a recent security training posting, security training is a big deal as, without training, staff do not know how to properly handle data or, more importantly, how to respect that data," he added.

The Imperva director of security went on to say that you wouldn't give a gun novice a fully-loaded weapon without instructions, and similarly, you don't give a medical or healthcare professional a few megabytes of data - and expect it to be properly protected or destroyed.

Rachwald says that, against this backdrop, it is understandable that media reports on the Washington DC lobbying of Congress last week noted that IT security professionals agreed that, if the public are to trust their healthcare records, their healthcare employers need to develop database security best practices.

These best practices, he adds, are the same basic governance principles that any organisation - and not just those handling healthcare data - needs to develop in order to pass muster with the appropriate governance regulations.

But, says Rachwald, simply meeting the basic governance regulations is not the end of the story when it comes to organisations handling EHR data, as this simplistic approach is not going to garner the public's trust.

"Unless healthcare organisations train their staff - and not just their IT staff - in basic aspects of security, and help them understand the reasons why this security is so essential, data breaches involving EHR and allied data will continue to hit the headlines," he added.
