Wednesday, February 2, 2011

Most Healthcare Companies Do Not Protect Patient Data

A new report examines the widespread use of real patient data in health care application development and test environments, and details how this practice exposes health care organizations to the risk of non-compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA).

The research also provides guidelines for reducing exposure, including the now vital practice of masking and securing live data.

Other key research findings, based on a survey of more than 450 IT professionals in U.S. health care organizations, include:

--  Outsourcing and cloud computing increase the security risk: Outsourcing development and test activities and/or using cloud computing resources introduces additional risk factors, which often prevent health care organizations from turning to these potentially advantageous resources. 40 percent do not outsource due to security concerns, while a mere 19 percent are confident or very confident about security in a cloud environment.
--  Health care industry disillusioned with data protection goals: Protection of real data in the development and testing environment is important to respondents, but the majority do not know or do not believe that they are successful in achieving this goal. Seventy-four percent say that meeting privacy and data protection requirements in the health care services industry is important, but only 35 percent say they believe their company is successful in achieving this goal.
--  With only 35 percent of respondents believing their organization is successful at protecting patient privacy in development and test environments, Ponemon Institute recommends immediate actions including centralized executive oversight and data masking.

Data masking helps safeguard sensitive, private or confidential data such as protected health information (PHI) or personal health records (PHR) by masking it in-flight or in-place. As a result, fully functional, realistic data sets can be used safely in development, testing, training and other non-production environments. Regardless of whether the work is managed in house, off-shored or outsourced, companies have the peace of mind of knowing they will not be exposed to malicious or inadvertent data spills or be in violation of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) or other regulations.

With Informatica Data Masking, sensitive data can be discovered and systematically de-identified using algorithms that obfuscate the original data but retain its original format and properties, so that applications that depend on that data continue to function properly during development and test activities.
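To make the idea of masking that keeps format and properties concrete, here is an added sketch (not from the report and not Informatica's algorithm) of deterministic, keyed masking in Python. The field names, sample records and key are constructed, and the HMAC-based substitution is one assumed way to do it.

```python
import hashlib
import hmac
import string

def _keystream(key: bytes, field: str, value: str, nbytes: int) -> bytes:
    """HMAC-SHA256 in counter mode, bound to the field name and the full value."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = field.encode() + b"\x00" + counter.to_bytes(4, "big") + value.encode()
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:nbytes]

def mask_value(value: str, key: bytes, field: str) -> str:
    """Replace digits with digits and ASCII letters with same-case letters.

    Punctuation, spaces and length are kept, so format checks still pass.
    Deterministic per (key, field, value): the same MRN masks identically in
    every table, which keeps joins working. Not reversible, and distinct
    inputs can collide, so this is masking, not format-preserving encryption.
    """
    stream = _keystream(key, field, value, 2 * len(value))
    masked = []
    for i, ch in enumerate(value):
        r = int.from_bytes(stream[2 * i:2 * i + 2], "big")  # 16 bits: negligible modulo bias
        if ch in string.digits:
            masked.append(string.digits[r % 10])
        elif ch in string.ascii_uppercase:
            masked.append(string.ascii_uppercase[r % 26])
        elif ch in string.ascii_lowercase:
            masked.append(string.ascii_lowercase[r % 26])
        else:
            masked.append(ch)
    return "".join(masked)

def mask_record(record: dict, key: bytes, sensitive: set) -> dict:
    """Mask only the listed fields; clinical fields needed by tests pass through."""
    return {k: mask_value(v, key, k) if k in sensitive else v for k, v in record.items()}

# Constructed sample data and key. In practice the key stays in production
# and never ships with the masked copy. Fields with validity rules (dates,
# check digits) need domain-aware handling that this sketch does not provide.
KEY = b"constructed-demo-key"
PATIENT = {"mrn": "MRN-00482917", "ssn": "123-45-6789", "name": "Jane Doe", "dx_code": "E11.9"}
VISIT = {"mrn": "MRN-00482917", "ward": "4B"}
SENSITIVE = {"mrn", "ssn", "name"}

if __name__ == "__main__":
    print(mask_record(PATIENT, KEY, SENSITIVE))
    print(mask_record(VISIT, KEY, SENSITIVE))
```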

Contact: http://www.informatica.com
