Protecting Patient Information in Outsourced Telehealth Services: Bolting on Security when it cannot be Baked in

Hospitals have increasingly employed outsourcing to lower the cost of healthcare delivery and improve efficiency and quality, thereby enabling more focus on the core competencies of patient care, teaching, and research. Outsourcing presents a challenge for protecting patient information when new services are implemented or integrated into an existing healthcare information system. Enabling new outsourced telehealth services often requires “bolting on” security to legacy systems rather than “baking” it into the system. This article addresses security practices necessary for healthcare organizations implementing new telehealth services as part of an outsourced relationship. While a number of recommendations are available for security readiness assessments pursuant to HIPAA compliance, none directly addresses the challenge of implementing security for outsourced clinical services. A case study is presented for a recent implementation of teleradiology services within a large regional hospital. Using the case, system vulnerabilities are demonstrated and relevant best practices to mitigate exposing patient information are discussed.
