You are here


HIMSS Survey Reveals Acute Care Providers’ Concerns about Cybersecurity

Posted by Marianna Prodan
Protecting patient data

“What happens with the information I share with others?”

That’s a pressing question for information security professionals at hospitals and other acute care organizations.

When the 2017 HIMSS Cybersecurity Survey asked these security experts for their top concerns about information sharing, here’s how they responded:

  • Lack of transparency (selected by 47% of respondents)
  • Lack of confidentiality (39%)
  • Lack of trust (39%)
  • Lack of vetted participants (37%)
  • Lack of security enforcement mechanisms (31%)

According to the survey, care provider security professionals do not have a clear understanding of where information goes and what risks are created when information is shared. Their organizations lack a technological solution for tracking content as it travels inside or outside the organization. Did only the proper recipients open a file? Was a file copied or forwarded? Lacking adequate transparency into where information has gone, the ability to perform risk analysis is fundamentally compromised.

The survey found that these security professionals also lack confidentiality–that is, “an enforcement mechanism to ensure that any information shared will be kept in strict confidence.”

Obviously, the requirement for confidentiality applies to all employees in the organization, including medical staff sharing information with specialists, insurance companies, and other outside parties. If a doctor on staff shares patient information with an outside specialist, will that information be kept in confidence as required by HIPAA? Security professionals aren’t so sure.

Ultimately, if critical data security and data monitoring mechanisms are missing, then data privacy is at risk.

Integrated Data Governance for Cybersecurity

The Accellion Integrated Data Governance Framework addresses the concerns of these cybersecurity professionals by protecting information and providing clear audit trails and comprehensive reports and dashboards on where, how and with whom information is shared.

The Accellion framework integrates with the IT infrastructure acute care providers already have—including Enterprise Content Management (ECM) platforms such as Microsoft SharePoint, productivity tools such as Office 365 and Microsoft Outlook, and security products such as LDAP/AD, 2FA/MFA, SSO, ATP, DLP and MDM services.

The Accellion framework enables information security professionals to define security policies and role-based access controls that will be enforced consistently across the enterprise for content shared not only within the organization but also with outside parties. Senders can share information through Outlook, SFTP, or other means, and protect content from being accessed, viewed, downloaded, modified, or shared by unauthorized individuals. Senders can also apply watermarks to content and set expiration dates for messages and files. Whether at rest in a content repository or in transit through email or FTP, content is always encrypted to protect it from illicit access or tampering.

In addition, all information shared is logged. IT professionals can review logs and generate reports to confirm that information was shared properly and that the organization is in compliance with data security regulations such as HIPAA.

See a Demo

If you work for an acute care organization and would like to see a demo of the Accellion Integrated Governance Framework in action, please contact us.