Breaches resulting from lost or stolen electronic medical record (EMR) servers or backups are usually less likely than breaches from loss or theft of mobile devices. However, searching on “server” or “backup” in Health and Human Services published data on Breaches 500 or More Individuals shows that these types of breaches have occurred many times in recent years.


When these types of breaches do occur they often have a much higher business impact than breaches resulting from loss or theft of a mobile device. This is because server or backup breaches often involve records for all of the patients in the EMR, rather than a small subset of patient records stored on a mobile device, for example for patients a healthcare worker will visit on a particular day. The Ponemon 2011 Cost of a Data Breach Study shows that the average total cost of a breach in 2011 was $5.5 million USD. Clearly a staggering cost for any healthcare organization.


These types of risks can be effectively mitigated using encryption on EMR databases and backups. However, activating encryption on databases adds significant additional computational overhead that can noticeably degrade performance of the EMR, the healthcare worker user experience and productivity, and ultimately the quality of patient care. Accelerating encryption on databases running on Xeon processors using Intel AES-NI (Advanced Encryption Standard – New Instructions) can offload most of the additional encryption and decryption overhead, enabling strong encryption security to avoid breaches, while also preserving performance and enabling a great healthcare user experience, productivity, and improved quality of patient care.


For more about encryption performance of InterSystems Cache database and the benefits of Intel AES-NI, including the use of new Multi-Buffer capability for interleaved encryption of multiple data blocks, see the whitepaper High Performance Encryption for Electronic Health Record Databases.


To find out more about encryption overhead and the benefits of Intel AES-NI in an Epic Systems Corporation Reporting Solution using an Oracle database see the whitepaper Encrypt Healthcare Data with Performance Using Intel® Xeon® Processors.


What questions do you have?


Mobile technology has the potential to empower healthcare workers with unprecedented access and availability to health information in a number of different environments, supported on a wide array of devices. This can lead to faster decision making, better collaboration and improved patient engagement at the point of care. But how can Health-IT best enable their clinical end-users to take advantage of these capabilities? How can mobile solutions support collaborative workflows in a safe and secure manner without compromising end user experience?


I recently co-authored a paper titled: Using Mobile Point of Care to Improve Healthcare Delivery.  The paper outlines some of the key considerations when developing a strategy for clinical mobility:

Device Model:  Matching the right device with the right clinical workflow is essential. One size does not fit all. While some tasks such as viewing information in the patient record can work very well on a mobile device such as a tablet, others such as diagnostic quality medical imaging may not be appropriate for these types of devices.  Involving end-users in the device selection and evaluation process is also critical.

Service Delivery Model: Many healthcare organizations are turning to desktop virtualization in order to reduce IT complexity and to more easily support a variety of client device types. There are many different types of desktop virtualization. Selecting the right service delivery model(s) requires careful analysis of the clinical workflows that need to be supported to ensure a good end-user experience.

Device Management Model: Devices that are provided to end users by IT must be easily provisioned, managed, and decommissioned. Devices brought in by end users (BYOD) need to be safely incorporated into the IT environment.


Security: Sensitive information must be protected at rest and in transit.  In order to minimize the chance of a breach, controls such as encryption, remote wipe, and DLP (data loss prevention) should be strongly considered. Regular training for end users on proper use of mobile devices and associated technologies in a clinical environment is highly recommended.


End User Experience: Ideally, IT will be invisible to clinical end users. If infrastructure “gets in the way” of clinicians providing care to patients, they will actively search for alternate solutions (which may or may not be conformant with organizational policy). Providing a good user experience is one way to help mitigate this concern.


What questions or thoughts do you have about clinical mobility? If this is an area that is relevant to your job or is of special interest to you, I encourage you to take a look at the paper provided at the link above. You can also follow me @CGoughPDX on Twitter.

Healthcare and Life Sciences are currently challenged with multiple major trends including EHR, HIE, BYOD IT (Bring Your Own Device – Information Technology), Big Data IT, social media, advanced threats, and increasingly complex regulations. These promise compelling benefits, but also bring significant privacy and security risk. Concurrently, breaches have reached alarming levels of frequency and business impact. Healthcare trends including BYOD and social medial are empowering healthcare workers with more tools than ever before to deliver great patient healthcare, but these tools also bring non-compliance issues and additional risk.

That's why you should take 20 minutes and check out this concise, on-demand webinar, Data Security in Healthcare: A Foundational Approach

This webinar from Intel and Dell SecureWorks discusses practical strategies and best practices as a foundational approach to use privacy and security as an enabler to embrace healthcare trends safely, realizing the benefits while minimizing risk of security incidents such as breaches. The importance of delivering strong security while enabling a great healthcare worker user experience is key to user acceptance of security, compliance, and avoiding healthcare workers being compelling to use alternatives that bring additional risk.

Future technical security safeguards will increasingly be implemented as services and software that are vertically integrated with hardware assisted security for both stronger security and an improved user experience. Key technical safeguards are discussed including encryption, 2-factor authentication, anti-malware, IDS / IPS, IAM, anti-theft / remote lock and wipe, and DLP. This hardware assisted security, that is security hardware embedded in client and server processors, will serve to accelerate, harden, improve usability and reduce the cost of security solutions for healthcare. Administrative tools including policy, procedures, risk assessments, training and audit and compliance are also discussed as key safeguards within a holistic approach to ensure robust privacy and security.

Where are you seeing challenges with your healthcare workers user experience with security, and what kinds of alternative BYOD, social media or other tools are they using that drive non-compliance issues and additional risk?

As healthcare providers adopt electronic medical records (EMRs) and other digital health information tools, they’re creating a wealth of data—and looking for ways to gain added value from it. That’s why Intel and GE Healthcare are using technology innovation to help practices track and increase quality of care.


In the below video and accompanying white paper, Data Analysis in a Private Cloud Helps Drive Healthcare Improvements, learn more from Jon D. Morrow, MD, senior medical leader, GE Healthcare, on how GE Healthcare’s  Medical Quality Improvement Consortium  project securely analyses de-identified data in more than 30 million health records to help healthcare organizations improve quality, benchmarking and population-based medical research.



Read the paper and let us know what questions you have.

Filter Blog

By date:
By tag: