Taking Care: The need for secure software for healthcare organizations

Healthcare organizations have always gone to great lengths to protect the confidentiality of their patients' medical information. Advances in technology have allowed the complex alliances between hospitals, insurance agencies, billing clearinghouses and doctors' offices to operate more efficiently and provide better patient care. However, that same technology puts confidentiality at risk, as most attacks aimed at altering or accessing confidential data succeed because of vulnerabilities in the applications. While protective technologies such as firewalls and intrusion prevention are critical to protecting networks, they cannot fundamentally address the underlying security issue: vulnerabilities within applications that put confidential patient data in jeopardy.

A growing awareness of the risks posed by providing healthcare across networked applications led in part to the creation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), designed specifically to guarantee patient privacy rights and to enforce healthcare organizations' responsibility for keeping that data private. The guidelines offer traditional suggestions for securing confidential data, which have evolved from the inherent security flaws that exist within applications, and serve as a reminder that there is an obligation to do everything possible to ensure the privacy and security of patient records.
