Consultant: Hospitals Must Act Now on Security




Healthcare Information Security Podcast show

Summary: Faced with the threat of much stiffer penalties for data security violations and ramped-up enforcement at the federal and state levels, many hospitals are just starting to pay serious attention to security, contends consultant Kate Borten. But they must go far beyond investing in new technologies to develop comprehensive security strategies and actually carry them out, she says.

In an interview, Borten, president of the Marblehead Group, predicts that civil suits by state attorneys general, like one recently filed in Connecticut, will grab the attention of hospitals and physician groups of all sizes, hopefully triggering action on data security. The HITECH Act gave state attorneys general the power to file civil suits on healthcare data security violations.

Patients will be much more likely to file complaints with a state official than they would with a federal agency, she contends, predicting a ramping up of security cases.

Among Borten's tips for hospitals playing catch-up on data security are:

- Hire a data security team, not just a chief information security officer. "One FTE alone isn't enough."
- Conduct an annual risk analysis and build a data security strategy.
- Prepare a detailed plan on how to report data security breaches. "It's similar to preparing for a computer system disaster."
- Encrypt all information transmitted over the Internet or a wireless network as well as data stored on portable devices.