|
|
 THE STAT 26Percentage of wireless customers who use their cell phones to take picturesMore Vitals
| |
JULY 7, 2004
Racing to Cure Sickly Medical Security As more and more health-care data is entrusted to networks, medical pros are getting serious about keeping info under wraps For Kari Cassel, security is literally a matter of life and death. Cassel is the chief information officer at the University of Arkansas for Medical Sciences in Little Rock. The hospital is Arkansas' largest, with 46,000 patients admitted in 2003, and is one of the country's most wired. UAMS uses technology for everything from physician order entry to automated pharmacy cabinets that do away with the time-honored -- but error-prone -- practice of pharmacists counting all the pills they dispense. The UAMS network includes 7,500 PCs as well as thousands of other devices, including printers and handhelds. This computer network improves care and reduces costs -- but it also introduces security risks. "I won't sleep well unless we can secure the systems," says Cassel. To sleep more soundly, Cassel is putting UAMS through a massive security upgrade. Spending on security at UAMS has jumped 80% over the past two years, to $3.5 million. Cassel is overhauling everything from firewalls to intrusion-detection systems to make it harder for hackers to crack the hospital's network. UAMS also is in the midst of installing a new password and auditing system that will allow Cassel and her 178-person team to more easily track wrongdoers who are accessing electronic medical information. TOP PRIORITY. What's behind Cassell's security revamp? Part of the impetus is a looming data-security requirement that's part of the Healthcare Insurance Portability & Accountability Act, a federal mandate that aims to shore up privacy and security in the health-care sector. HIPAA's data-security portion takes effect in April, 2005. "It's easier now to get people to sign off on technology-security investments," Cassel says. That's proving to be a boon to the information-security business. Indeed, just about every company that sells anything remotely connected with health-care info tech or security is pushing some sort of HIPAA-preparation product or service. They range from big systems integrators, such as Cap Gemini Ernst & Young, to security software shops, such as Internet Security Systems (ISSX ), to smaller startups, such as ServGate. Big bucks are at stake. Hospitals spent $23.6 billion on tech gear in 2003, according to health-care research firm Sheldon I. Dorenfest & Associates. That's expected to hit $30 billion by 2006. From 10% to 20% of the total is currently going to IT security spending. That percentage could go up: According to the latest poll of top health-care IT executives by the Healthcare Information & Management Systems Society, 78% say security is their top spending priority. OUT OF THE CABINET. That's a big change from the past. While health-insurance companies have long emphasized security, hospitals, doctor's offices, and nursing homes have punted on these investments. In fact, IT spending accounts for less than 5% of capital expenditures in this sector, compared with 5% to 10% for financial-services and manufacturing companies, according to research firm Gartner. Most health-care providers say tech equipment rarely provides upfront returns, and they believe their systems are secondary targets at best. "Hackers would be more likely to target eBay (EBAY ) than Blue Cross Blue Shield. So those things that are required for day-to-day operations tend to get priority over security investments," says Gartner analyst Wes Reishel. Now, HIPAA and a host of other factors are injecting new thinking. In the past, medical records were stashed in filing cabinets and on mainframes buried in inscrutable data formats. Now, with increasingly decentralized networks, hospitals are pushing more patient info onto handhelds and PCs -- and into the homes of doctors, who can review charts online. But this rapid proliferation of technology, especially wireless data networks in hospitals, has upped the health-care sector's exposure to hackers. Cassel says UAMS took a slow and wary approach to wireless data because of the potential for security breaches.
BW MALL
SPONSORED LINKS
Buy a link now! | | |
 Copyright 2004, Bloomberg L.P.Terms of Use | Privacy Notice |
Printer-Friendly Version