Breach of patient records or ransomware attacks are a critical issue, and one that more organizations are paying attention to. According to new research from the Ponemon Institute, 89% of healthcare organizations and 60% of business associates have experienced a data breach in the past two years. The pace of breaches has not slowed and costs healthcare providers $6.2 billion each year. Criminal attacks are responsible for up to half of all healthcare data breaches, with the others being attributed to unintentional employee actions, third-party mistakes and stolen computer devices.
We’re in Your Corner
Exchanging patient information among providers is expected while participating in emerging collaborative care and reimbursement models. That data exchange can leave IT systems vulnerable at the point of interchange. McKesson Radiology™ and McKesson Cardiology™ have been designed with security as one of the development priorities, as evidenced by our certifications and the work we do with federal, regional, state and local governments.
The Department of Defense Information Assurance Certification and Accreditation Process (DIACAP) helps ensure that IT companies doing business with the military employ risk management strategies in their products to maintain information assurance throughout the product’s life cycle. That’s a long way of saying that information security is baked into products that carry DIACAP clearance.
Both McKesson Radiology and McKesson Cardiology carry DIACAP clearance, providing organizations with a high level of security while connecting the care team, sharing images throughout the enterprise and giving providers an integrated patient view with shared infrastructure.
As a founding member of the CommonWell Health Alliance, we understand the need for health systems and other providers to leverage the data flowing through their disparate health information systems while maintaining the privacy and security of that data. The alliance strives “to improve transparency to enable providers of care and patients to understand permitted uses, access and disclosure of protected health information and to facilitate the identity management in a manner that protects the privacy of the patient.”
Exchanging patient data among HIPAA-covered entities is one reason the National Association for Trusted Exchange (NATE) and CommonWell recently joined each other’s organizations and began collaborating on interoperability. “NATE expertise is to help address the legal, policy and technical barriers that inhibit health information exchange between HIPAA-covered entities and consumers,” according to article about the partnership announced last month (May).
Consulting Services on Security, Disaster Recovery
Even the largest, most robust IT or Risk Management departments sometimes need assistance getting their hands around emerging issues such as data security and disaster recovery.
McKesson Medical Imaging Consulting™ can help organizations develop and implement business continuity and disaster recovery plans, which often encompass privacy and security issues. Our team of clinical and technical experts can employ several different industry methodologies including ITIL, CMMI, Six Sigma and ISO to help identify and scope a client’s needs and create customized solutions that help to decrease risk and support increasing the speed in which the organization can be up and running again if a breach or disaster should occur. We do this by sourcing and providing the specialized talent and/or technology required to satisfy each organization’s unique requirements.
Data security has always been our priority. It should be yours, too. For more information about McKesson imaging solutions, visit our web site.