When the federal government offers incentives to support a change, many organizations sprint to meet the benchmarks that trigger the payoffs. That was the goal when, in 2009, the government offered grant money to spur the adoption of electronic medical records (EMRs). Since 2009, 80 percent of doctors and 60 percent of hospitals have converted to EMRs, and $28 billion has been paid out to health care providers for converting paper files to digital.
A large health care provider in the Midwest was among them. Serving more than 200,000 patients, the organization had thousands of medical records on file that needed to be digitized. The company ramped up the push for electronic records to meet the government incentives, including its requirement to use only electronic records for Medicare and Medicaid patients by the end of 2013.
But as the company, like many providers, rushed to meet these new EMR requirements, it found the cyber security requirements were changing far faster than other technologies.
The organization knew it needed to ramp up security — and quickly — to continue to meet its responsibility to its patients and their privacy, and to continue to meet health care privacy rules and HIPAA requirements, while maintaining the security of the entire system. But with IT resources tied up in the switch to EMRs, how could the organization best upgrade its security? Continue Reading…