Audit reports hit HHS on digital security - Secure solutions are available
The HHS’ Inspector General report (as reviewed by Joseph Conn of ModernHealthcare.com) on digital security is excellent. But, the audit continues to overlook the fact that completely secure health care systems can be developed and are currently available.
Dr. John Halamka, chairman of HITSP and vice-chairman of the Standards Committee, stated that security is broader than just EHR interoperability standards and EHR applications:
Security is not just about using the right standards or purchasing products that implement those standards. It’s also about the infrastructure on which those products run and the policies that define how they’ll be used. A great software system that supports role-based security is not so useful if everyone is assigned the same role and its accompanying access permissions. Similarly, running great software on an open wireless network could compromise privacy.…
Security is a process, not a product. Hackers are innovative, and security practices need to be constantly enhanced to protect confidentiality. Security is also a balance between ease of use and absolute protection. The most secure library in the world—and the most useless—would be one that never loaned out any books.… Security is an end-to-end process. The health care ecosystem is as vulnerable as its weakest link. Thus, each application, workstation, network and server within an enterprise must be secured to a reasonable extent. The exchange of health care information between enterprises cannot be secured if the enterprises themselves are not secure. [Emphasis in the original.]
Examples of the security weaknesses identified at eight hospitals included:
• unprotected wireless networks,
• lack of vendor support for OSs,
• inadequate system patching,
• outdated or missing antivirus software,
• lack of encryption of data on portable devices and media,
• lack of system event logging or review,
• shared user accounts, and
• excessive user access and administrative rights.
IQware Solutions:
Utilizing the only secure OS (declared unhackable by hackers at DEFCON), unhackable thin clients on consumer devices and patented technologies for developing secure applications in 10-20% of traditional development timeframes and cost, IQware delivers completely secure healthcare solutions.
Contact:
http://www.IQwareSolutions.com
(330) 659-6300