Despite stringent regulatory mandates, the healthcare industry has been an avid adopter of new technology. Mobility in particular has proven to be a boon for doctors and other hospital staff. For this reason, looking at IT implementations within healthcare organizations can serve as a good way to learn what works best and what doesn't work quite as well.

Healthcare faces unique data security challenges, however, that have impaired progress to deploying effective practices. As the Health Information Trust Alliance (HITRUST) recently reported, the health industry represents a common target for cybercriminals. While the total number of data breaches has declined since 2009, organizations have a long road ahead of them in many specific threat areas.

For example, the number of industry-wide breaches has held steady for several years, but hospitals in particular have made significant strides in mitigating incidents. Hospitals and health systems experienced a 71 percent reduction in breaches from 2010 to 2011, and early numbers for 2012 look even more promising. HITRUST attributed the decline to adoption of governance frameworks that encourage the combination of technology implementations such as data encryption software and awareness training for hospital staff that identifies best practices.

Analysts called for more widespread adoption of frameworks such as the HITRUST Common Security Framework, which incorporates elements of industry mandates such as the Health Insurance Portability and Accountability Act and recommendations from security experts. HITRUST also identified the need for cost-effective and simple data security solutions, which would better position medical staff to follow these guidelines.

"We are seeing healthcare providers adopting the HITRUST CSF at a greater rate than other segments, which could be attributed to escalating pressures faced by this industry segment relating to the protection of health information,” said Daniel Nutkis, chief executive officer. HITRUST "This group is also leveraging guidance from the CSF Assurance Program that focuses on the high risks for healthcare such as unencrypted devices in support of their meaningful use attestations."

Data security deserves higher priority
Another challenge may simply be due to budget prioritization. According to Rick Kam of ID Experts and Larry Ponemon of the Ponemon Institute, the lack of financial resources being put into data security and privacy is leaving many healthcare organizations vulnerable - particularly since they have been increasingly adopting mobile technology and cloud computing. Writing for Forbes, the two experts suggested executives need to allow more resources for data protection software and other security solutions.