Healthcare Information Security is the Most Difficult.



IT security is no cakewalk to begin with, but healthcare IT security is by far the most difficult. Like all other sectors, healthcare organizations have compliance requirements and standards to meet, HIPAA for example; but it’s the transfer, storage, and access of information that is most difficult to control and monitor.

In the financial sector everything revolves around transactions. The financial transaction model is very simple and has been around for hundreds of years. There is money in account A (let’s say it’s my account), there is money in account B (your account), or there is money in the holding company’s account; there is no gray area as to who has the money. This entire process has been standardized, regulated and tweaked over time, but it is essentially that simple and straightforward. This is not to discredit the work of those security specialists, but the dynamics of that business are much more cut and dried.

Now take a look at security from healthcare’s perspective. There are many aspects to look at in this space, but to keep it short we will look at it from a medical records and healthcare insurance perspective. Unlike the financial sector, which has a straightforward transaction model, there is no standardization or uniformity when it comes to interactions involving patient records or healthcare insurance information. It’s very difficult for security specialists to predict how this information will regularly flow and how it will be used. So many different parties are involved that it can be very difficult to keep track of all the data and who interacts with it. On top of that, there are compliance requirements to maintain.

Healthcare IT budgets are starting to see a rise over the next few years, but overall they tend to be smaller than those of other sectors. The financial sector spends more than any other on these services, so it has more than enough resources. Healthcare does not get nearly that amount of funding, so it is stuck with a more convoluted process but fewer resources and less funding to meet its needs.

This is where the IT department needs to get crafty in finding simple but effective solutions that fit within its budget. Encryption software that protects data on all mobile and non-mobile devices (we have seen this isn’t widely done) should be at the top of the list. Strong endpoint security is also a must. So is the containment of off-network data and data at rest (failed and replaced hard drives, data tapes, flash drives, CDs, optical discs, etc.) and its secure on-site destruction. Together these protect data that is in storage, in motion, and at rest, and they can be handled and maintained relatively easily. Hats off to those individuals who strive to protect our personal data under the most difficult of circumstances.

  • About An Industry Leader

    TechR2 is the only company in the industry that has earned a US patent for its Track-Contain-Destroy-Verify data security process, is OEM approved, upholds critical ISO certifications, and is recognized for compliance with GDPR, NIST and all governmental regulations concerning data destruction, including ISO 27001, ISO 14001, ISO 9001, and ISO 45001.
