By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Health Works CollectiveHealth Works CollectiveHealth Works Collective
  • Health
    • Mental Health
  • Policy and Law
    • Global Healthcare
    • Medical Ethics
  • Medical Innovations
  • News
  • Wellness
  • Tech
Search
© 2023 HealthWorks Collective. All Rights Reserved.
Reading: Healthcare Data Security: How Bad is it?
Share
Notification Show More
Font ResizerAa
Health Works CollectiveHealth Works Collective
Font ResizerAa
Search
Follow US
  • About
  • Contact
  • Privacy
© 2023 HealthWorks Collective. All Rights Reserved.
Health Works Collective > Business > Healthcare Data Security: How Bad is it?
BusinessTechnology

Healthcare Data Security: How Bad is it?

RobertLambert
RobertLambert
Share
4 Min Read
SHARE

It is really bad, according to a recent survey by the Ponemon Institute (available here with registratio

It is really bad, according to a recent survey by the Ponemon Institute (available here with registration). The white paper, entitled Health Data at Risk in Development: A Call for Data Masking, presents the results of a survey of 492 health care IT professionals on their companies’ practices regarding use of live personal health care data in application testing.

It makes a scary read.  Here are the lowlights:

  • 57 percent of respondents say “their organizations use patient billing and insurance information in development and test of IT applications.”
  • 57 percent responded that their company “does not protect real data used in software development and testing.”
  • Many respondents “admit real data used in the testing and development environment has been lost or stolen.” “Thirty-eight percent say they have had a breach involving real data and 12 percent are uncertain.”

The white paper lists a litany of health care data transgressions like those above, then reviews the stiff legal penalties associated with health care data security breaches, which can be as high as $250,000 per violation.

More Read

Avoid These Dangerous Healthcare Misconceptions as a Millennial Business Owner
The Not-A-Marketing Book Every Healthcare Marketer Should Read
20 Reasons You Need a First Class Internet Plan for 2014
Opportunities for Surgical Sealants, Glues and Hemostatic Agents
There’s No Difference Between mHealth and Telemedicine [VIDEO]

The paper ends with these recommendations:

  • Assign a Chief Information Security Officer (CISO) “for the safeguarding of real data used in application testing and development.
  • “Create policies and procedures for the protection of real data used in application testing and development.
  • “Educate employees about the importance of protecting sensitive data in application testing and development.
  • “Use encryption, data leak prevention, access management, and other information security technologies.
  • “Use de-identified, masked, or dummy data rather than live data in the test and development process.”

Certainly all of these measures can be valuable, and to this list I would add a seventh recommendation from a recent article: “background checks and non-disclosure agreements for developers and testers as with health care staff and claims administrators.”

I believe that most organizations by now consistently apply education, encryption/physical security, and background checks. The current strategy of choice seems to be having trustworthy individuals work in a secure, encrypted environment.

When organizations move beyond this prevailing strategy, they must do so in a way that promotes rather than inhibits IT productivity.  According to Data Architect Cameron Snapp, “not only do businesses have to establish these policies (and get the developers to follow them), but they also should provide effective infrastructure, data accessibility, processes, and tools that enable application staff to follow them. For example, if an organization masks production personal health data for use in test, then it must accurately mimic production.  Otherwise test cases might fail even though the application works as designed!” Cameron advises that “security is two-leveled: organizations must establish policies and regulate adherence, but also enable productivity with processes, tools, and actionable data that doesn’t inhibit progress.”

Hopefully recent highly publicized breaches in the financial world will drive information security to the C level of the organization and mandate effective masking tools in application development and test.

TAGGED:Data ManagementInformation SecurityInformation TechnologyPrivacy
Share This Article
Facebook Copy Link Print
Share

Stay Connected

1.5kFollowersLike
4.5kFollowersFollow
2.8kFollowersPin
136kSubscribersSubscribe

Latest News

dental care
Importance of Good Dental Care for Health and Confidence
Dental health Specialties
October 2, 2025
AI in Healthcare
AI in Healthcare: Technology is Transforming the Global Landscape
Global Healthcare Policy & Law Technology
October 1, 2025
Choosing the Right Swimwear for Health and Safety
News
September 30, 2025
sports concussions
Concussion In Sports: How Common They Are And What You Need To Know
Infographics
September 28, 2025

You Might also Like

healthy restaurant ownership tips
Business

4 Things You Need To Know Before Launching A Health Restaurant

June 9, 2021
telehealth saves money
BusinesseHealthFinanceRemote DiagnosticsTechnology

Virtual Visits: Cutting Healthcare Costs

January 2, 2015

Anthem Increases in California – Close to 39%

March 6, 2011
Image
BusinessFinanceHospital AdministrationOrthopaedics

Orthopedic Revenue Cycle Management: Two Major Concerns (and How to Fix Them)

August 13, 2014
Subscribe
Subscribe to our newsletter to get our newest articles instantly!
Follow US
© 2008-2025 HealthWorks Collective. All Rights Reserved.
  • About
  • Contact
  • Privacy
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?