Why healthcare doesn’t encrypt: correct, incorrect assumptions

As our readers know, we’ve preached the Gospel of Data Security for quite a while, to the point where even The Gimlet’s Eyes have crossed. Based on this smart analysis in Healthcare IT News (done by an outsider to healthcare), there are real reasons why HIT leaders are reluctant to implement encryption and security that would be SOP for other types of organizations. Mr. Schuman sorts the ‘drag the feet’ factors:

  1. Outdated but still widely believed: Encryption makes information less accessible across a broad network, increasing retrieval and review time. There is increased, not decreased, pressure to increase access, including by practices and patients, as part of Meaningful Use (US).
  2. Encryption as a barrier: Providers see encryption as increasing time, decreasing usability of systems, making workarounds more difficult.
  3. Encryption not permitted: Equipment designed with a specific hardware/software configuration blocks security add-ins. The logic is that any add-ins, even for security, could and do compromise performance. They thus violate manufacturers’ warranties and leave hospitals/practices open to legal action if equipment does not perform as intended.
  4. It’s complicated and pricey: Encrypting a proliferating multiplicity of devices and systems takes manpower, which is not only not there but also expensive. Good intentions are there, but little money is.

The solution may lie in encrypting data between applications, not in the hardware/software itself. Hat tip to reader ‘Klondike Playboy’ John Boden.