November 2009 Archives

The Healthcare Industry is experiencing explosive change due to government mandates and regulations that hospitals and healthcare facilities "clean up their act" and catch up to the corporate world through the use of technology. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires companies to adopt administrative, physical, and technical measures to protect the confidentiality, integrity, and availability of certain health information. In addition, the stimulus act signed by President Obama directs $17 billion to doctors and hospitals, beginning in 2011, that make "meaningful use" of electronic medical records. In 2015, health care providers may face financial penalties if they are still using paper charts.

The pressure is on, but many hospitals aren't ready to act. Hospitals and physician offices frequently do not have the funds or the staff to support such major changes in their workflow. The promise of the stimulus money, while an incentive, does not go far enough as it is still unclear as to how the government defines "meaningful use."  This dilemma is forcing hospitals to act before knowing if the actions they are taking will meet the compliance rules and laws.

The immediate problems that hospitals face will be dealt with in due time. There are many vendors out there ready to assist hospitals with their automation, such as Picis, Inc., a Massachusetts based company that provides software to automate the data and workflows in the OR, ER, and ICU, or Lynx, a Seattle-based company that provides software to financially optimize Emergency Departments through sophisticated billing and coding algorithms. Some of the giants (McKesson and Siemens for example) are no doubt counting on the stimulus money going to hospitals to stimulate their own businesses, vying to be the vendor of choice for hospitals and health care facilities taking the plunge into automation.

Once hospitals and healthcare facilities are up and running on their chosen systems, however, a much larger problem looms. Although the introduction of electronic records will serve to reduce medical errors, health care facilities will also be subject, like everyone else, to hackers ready to steal sensitive medical, credit card, and personal information. Hospitals must hire extra IT security personnel to oversee and protect the data that their new IT systems house while securing their networks to fend off the onslaught of cyber attacks, to which no business is immune.

Hospitals must factor into their budget, along with the IT system or systems they purchase, the management of their networks in which their sensitive information travels. A firewall and an intrusion detection system (IDS) or intrusion prevention system (IPS) is not enough to secure a network. A network forensic appliance tool (NFAT) such as Sandstorm's NetIntercept can help hospitals to better protect themselves and their patients through sophisticated and cost-effective network monitoring, patented digital forensic capabilities, and a chain-of-custody feature that allows digital signatures in the event the data ever ends up in court. For many hospitals, a network forensic tool not only helps to protect their sensitive data, but can also protect their IT investment.