Securing Patient Data

By Wylie Wong  |  Posted 2009-01-23

As more health care providers make patient information available over the Web and on wireless devices, security and patient privacy are foremost on IT administrators’ minds. They use all the traditional layers of security, including firewalls, intrusion detection tools, and anti-virus and anti-spyware software.

At Island Hospital, the IT staff uses its Meditech software suite, which includes its electronic medical records, to set security policies and control access to data. Doctors, for example, can see only their own patients’ information, says Rick Kiser, the hospital’s assistant director of information systems. The IT staff also uses the software to run audits to verify that data has not been compromised.

Gartner analyst Barry Runyon says VPNs are often used for remote access, but cautions that strong authentication beyond passwords is essential. He suggests two-factor authentication, which combines security tokens or voice authentication with passwords.