IT DRILLDOWN
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion

 CIO Consumer IT

 CIO Leader

 CIO Enterprise

 CIO Insider

More Newsletters | Edit Profile
 

RSS Feeds »

 
 
LEADERSHIP
 

CIO Executive Programs

The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 

CIO Executive Council

Public Teleconferences

Join CIO Executive Council members and participate in the following live teleconferences:

* Planning for Succession:
Models for IT Leadership Development, June 23
 * Youth in IT: How CIOs Can Engage the Next Generation
 June 10
 * Change Leadership at General Growth Properties: A
Pathways Leadership Development Seminar, June 25

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 

Are you involved in setting the direction for your company's IT budget or strategy?


Apply today for a FREE subscription to CIO Magazine!

Subscription Services »

Reprints »

 
 

Feature

 

Medical Data Breaches Put Patients at Risk

Despite HIPAA, hospitals leave patient data unprotected; one CIO offers tips for getting IT security funding
 

By Kim S. Nash

April 29, 2008CIO — Doctors can't cure the common cold and health care IT managers apparently can't stop the common data breach.

Twenty-one of the 101 of the breaches tracked so far this year by information security group Attrition.org occurred at health care organizations.

For example, insurer WellPoint said in early April that lax security on two servers run for it by a vendor likely exposed on the Internet some personal and medical data for 128,000 patients.

MORE ON CIO.com
Paper Proves Resistant to Electronic Medical Records Cure
HIPAA May Have Privacy Loophole
Trouble Complying with HIPAA

Also in April, New York Presbyterian Hospital notified 40,000 patients that their personal information, including names, phone numbers and some Social Security numbers, were stolen, possibly by a hospital employee. A federal investigation and internal audit are underway.

Whether on paper, as so many medical records remain, or electronic, health care data must be protected according to state and federal regulations. But just because health care staff say they know the rules doesn't mean that information is safe, concludes a new survey from the Healthcare Information and Management Systems Society (HIMSS), a nonprofit professional group for IT managers. The group, with security consulting firm Kroll, polled 263 chief security officers and managers of IT and of health care information.

For example, 75 percent of respondents gave themselves the highest rank possible when it comes to familiarity with HIPAA: 7, on a scale of 1 to 7. The Health Information Portability and Accountability Act, or HIPAA, governs whether and how patient data may be seen and by whom.

HIPAA compliance proves difficult in itself for the organizations that must follow those rules. Early this year, the National Institutes of Health had a laptop stolen, containing patient's private information, from an employee's car. In January, Fallon Community Health Plan announced a laptop being used by one of its vendors was stolen and it, too, contained patient data. In reporting those incidents to the public, each said how they "regret" the thefts. While these organizations offered credit monitoring to affected patients, many companies leave identify theft victims to fend for themselves.

What It Takes to Follow Through on Security Rules

Getting employees and contract vendors to follow corporate security policies requires cajoling and sometimes a bit of drama, says John Hummel, chief technology officer at Perot Systems' health care services group. Hummel has also been CIO at Sutter Health and at the organization that oversees health care in California's state prison system.

 
 
 
 
 
 
Loading...
 
 
ABCs
 

How To Do Nearly Anything

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

Case Study: 24 Hour Fitness turned to SEPATON

BPM Done Right: 15 Ways to Succeed Where Others have Failed

3 Reasons to Invest in Integration Technology Now

Survival of the Fittest: Disaster Recovery Design for the Data Center

Building a Foundation for Pragmatic Service Management White Paper

Strategies for centralizing data backup

The Best IT Strategy for a Company with Global Operations

The PCI Data Security Standard

Tuning ERP and the Supply Chain for Profitable Growth

How Plug-in Integration with Global Suppliers Quickly Multiplies the Value of SAP Investments

White Paper: Transportation is a prime opportunity to reduce costs

Riverbed RiOS 4.0: Raising the Bar in Wide Area Data Services

A Solution for Remote Data Replication

2008 Annual Google Communications Intelligence Report

This white paper highlights best-of-breed solutions being built on the Microsoft platform

IT Service Management: Metrics That Matter

TCO Comparison Report: Reducing Costs in the Data Center

Guidelines for Energy Efficient Data Centers

Drive More Effective Business Processes with SOA

Fuel the Responsive Enterprise Through Oracle Fusion Middleware

Today's Enterprise Workforces: Remote But Not Isolated

E-Discovery: Why Archiving Your Web Presence is a Business Necessity

Webcast: Learn how organizations are overcoming productivity declines

Uniting IT with Business through ITSM

Unified IT Strategy Playbook - A Must Have!

The Forrester Wave & Trade: Enterprise Open Systems Virtual Tape Libraries

The New Growth Paragidm: Multi-Enterprise SOA

Enterprise Service Bus: A Definition

Helping IT Become a Service Provider White Paper

Extending PCI Compliance to the Mobile Workforce

Wide-area data services enable todays global enterprise

Tripwire PCI DSS Solutions: Automated, Continuous Compliance

ITCi White Paper: Challenges and Opportunities of PCI

Compliance by the numbers- addressing requirements with online document management and collaboration technology

White Paper: IDC Analysts Discuss Open Text

Business Transaction Management: The Evolution of IT Management

Case Study: CitiStreet achieves complete disaster recovery protection

Webcast: Learn how Accenture, Avanade and Microsoft are helping organizations overcome productivity declines

Comparing Google and Other Leading Messaging Security Solutions

Secure your virtual and physical environments with the same software.

Research Report: The State of Data Protection in Today's Enterprise

A Must Read on Data Protection Strategies!

Taneja Group Report - The Greening of the Data Center

Balance Your Innovation and Efficiency Platforms for Competitive Advantage and Responsiveness

LIVE Webcast - The Mainframe is Dead...Long Live the Mainframe?

Putting Windows Server and Citrix to Work in the Enterprise

Knowledge Management Best Practices: Get Proven Tips and Techniques

Oracle 9i Database Upgrade Management Services - Upgrade with Confidence

How to Support Your IT Environment - Important Factors

Learn how to communicate the business value of IT