Healthcare IT security has been a sensitive subject for the past 12 months in Utah’s healthcare community with two major healthcare security breaches, but it looks like they are beginning to get their act together. The state has taken action to beef up security practices in the state to prevent future security breaches. Governor Gary Herbert recently signed a bill that creates a security office within the Utah Department of Health. The bill provides funding to support a staff dedicated to security and privacy work. The new group will review and audit technology projects within the Utah Health Department, making sure healthcare security and privacy are made a high priority.

Key Healthcare IT Security Areas of Weakness

An internal audit conducted last year found the following key areas of weakness. These areas will be the top priority for the new security team.

  • Data risk assessment and classification
  • Vendor Management
  • Data security procedures and training
  • Systems development, life-cycle and change management
  • Contingency and disaster planning
  • Governance

As the banking system has tightened their security and privacy requirements over the last few years, cyber-criminals have turned their focus to the Health Care industry. Healthcare identity fraud has become their number one target. Three percent of health care costs in the U.S.—the equivalent of $78 billion—can be attributed to medical fraud.  Without a doubt, health care organizations across the country should be following Utah’s lead in establishing dedicated security offices, reviewing all IT projects that handle personal data and ensuring that HIPAA rules are followed in their entirety.

Here at Partnet, we work hard at keeping government eCommerce sites safe and secure. We commend the State of Utah for taking swift action to protect the citizens of Utah by putting the right security measures in place to prevent further healthcare security breaches.