Is the healthcare field really this bad?

So I was in a conversation with an IT director for a private cancer center (mid size) and he was telling me that the organization finally got email encryption. That they were looking at getting a more secure way of logging into computers (multiple staff using same username and password) like token based. He went on and on about all of the things he had planned to do and it made me wonder......

......for an organization dealing with HIPAA etc... how in the hell could they be so far from compliance and still be running a very very successful clinic.

I was giving him ideas on how to secure various parts of the operation but it kinda scared me that the healthcare field treated patients' info in such an unsecure manner.
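The shared-username problem the OP describes is something a defender can actually measure before the token-based login project lands. The following is an added example, not code from anyone in this thread: it reads a constructed, simplified logon/logoff log (the four-column format and the hostnames are assumptions, not any real product's format) and flags accounts that are signed in from several workstations at the same time, which is the usual fingerprint of a credential taped to the nurses' station.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines for this example (not from any real system).
# Columns: ISO timestamp, account, workstation, event (logon|logoff).
SAMPLE_LOGS = """\
2023-05-01T08:00:12 nurse_station WS-01 logon
2023-05-01T08:03:40 nurse_station WS-07 logon
2023-05-01T08:05:09 nurse_station WS-12 logon
2023-05-01T08:10:00 dr_smith WS-03 logon
2023-05-01T09:15:00 nurse_station WS-01 logoff
2023-05-01T09:20:00 dr_smith WS-03 logoff
2023-05-01T09:45:00 dr_smith WS-05 logon
"""


def parse_logs(text):
    """Parse the constructed log format into (timestamp, user, host, event) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, event = line.split()
        events.append((datetime.fromisoformat(ts), user, host, event))
    return events


def find_shared_accounts(events, window=timedelta(minutes=30), min_hosts=2):
    """Return {account: sorted workstations} for accounts that had sessions open on
    at least `min_hosts` distinct workstations at once.

    A session stays "open" until a logoff is seen or `window` has passed since its
    logon, so a machine that never logs off does not keep flagging the account forever.
    Sequential use from different machines (dr_smith below) is not flagged.
    """
    open_sessions = defaultdict(dict)  # account -> {host: logon time}
    flagged = defaultdict(set)
    for ts, user, host, event in sorted(events):
        if event == "logoff":
            open_sessions[user].pop(host, None)
            continue
        # Expire sessions older than the window before counting this logon.
        for h, t in list(open_sessions[user].items()):
            if ts - t > window:
                del open_sessions[user][h]
        open_sessions[user][host] = ts
        if len(open_sessions[user]) >= min_hosts:
            flagged[user].update(open_sessions[user])
    return {user: sorted(hosts) for user, hosts in flagged.items()}


if __name__ == "__main__":
    for account, hosts in find_shared_accounts(parse_logs(SAMPLE_LOGS)).items():
        print(f"{account}: concurrent sessions on {', '.join(hosts)}")
```

Run against real logon events (Windows 4624/4634, an EHR's audit trail, or a SSO provider's export) the same logic gives a per-account list to hand to the director as evidence for the per-user login project; the `window` parameter is the knob that trades missed logoffs against false positives.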


  • TeKniques Member Posts: 1,262
    This is not at all that surprising. And it's not just tied to healthcare ... you'll find similar environments in lawyer, CPA firms, financial services, Government assistance organizations, etc.

    They are not all like this, but a majority are. Most do not even know what type of regulatory compliance laws they are required to follow. This is mostly the result of poor IT governance from the top. In smaller shops the resources available to focus on IT governance and regulatory compliance are usually non-existent, and the only thing that causes anything to be done about it is some sort of data security breach. On the flip side there are some places that have things tightened up like a fortress, but still end up being compromised (VA comes to mind).
  • Chitownjedi Member Posts: 578
    I just went through our HITRUST-HIPAA re-certification and it was a damn pain pain pain pain pain pain pain.... ...... Yes, the level of complacency is disgusting, and again, until their backs are against a wall.. please be assured that most places will let things like that happen.
  • ande0255 Banned Posts: 1,178
    From what I've experienced, most major healthcare networks are extremely locked down in terms of policies, and to even work for them you have to sign 50 different privacy agreements. I could imagine the smaller ones could fly under the radar though.
  • devils_haircut Member Posts: 284
    Basically, my experience has been what ande0255 said. In addition, the staff at the healthcare provider where I work (particularly the doctors) are so resistant to any sort of technological change that it makes implementing new processes, software, or equipment a major PITA. And since hospitals don't close and people never stop getting sick, working around their schedule can be frustrating. The place I work isn't as bad as OP mentioned, but there are still many things about their security and patient information that make me scratch my head.
  • WafflesAndRootbeer Member Posts: 555
    I've heard nothing but horror stories myself and since Health IT is mostly outsourced here, it's no surprise.
  • TLeTourneau Member Posts: 616
    I agree with ande0255, the smaller facilities tend to be more complacent and get more staff pushback. Larger organizations in general have better enforcement of policies and the institutional strength to ensure policies are followed at all levels. At least that has been my experience in healthcare IT.
    Thanks, Tom

    M.S. - Cybersecurity and Information Assurance
    B.S: IT - Network Design & Management
  • pamccabe Member Posts: 315
    I don't know about the health field but I used to do work for a dental office. It was run by three dentists and it was HORRIBLE. They wanted no part in anything that hindered them from clicking on whatever they wanted. They kept saying time is money and they couldn't work through security crap. I think we can all see the irony in that statement. Anyway, this office had 5 external drives for backups. One for every day of the week. They would rotate them and keep them offsite. One of them eventually failed, and I brought this up to one of the dentists. He said he had to call a meeting with the other two dentists to see what course of action they needed to take. A meeting to discuss spending $90 on a drive for backups. It was then I realized I didn't want to have to convince people in business to keep their data safe.