Health IT Security Improving as Upgrade Costs Drop


Hospitals are installing better security into their health record systems partly because the software is getting cheaper, Dean Wiech, managing director of Tools4ever, a software security firm, told me recently. 

The rate of hospital use of advanced password protections increased to 49 percent in 2014 from 35 percent in 2011, according to data released by the Office of the National Coordinator for Health IT. The data show that more than ever, hospitals are implementing two-factor authentication measures, which take log-in security beyond a password and username, for their electronic health record systems. 

The cost of implementing a two-factor authentication system in a hospital has dropped from $30 per user in 2010 to roughly $10 per user, Wiech said. Similarly, the cost of implementing identity management software has dropped from $70 per user in 2010 to about $10 to $20 per user, he said. 

The historically high cost of the software also accounts for why larger hospitals have adopted stricter security measures, Wiech said. 

According to the ONC, 63 percent of large hospitals had adopted two-factor authentication in 2014, compared to 35 percent of critical access hospitals and 40 percent of small, rural hospitals. 

For the full story, take a free trial to the Health Law Resource Center to receive industry-leading health law news and analysis.