by Joseph Ingemi

President Obama's appointment of Howard Schmidt as the nation's new cyber-security chief illustrates the importance of cyber-security in protecting us from what Schmidt called "great dangers to national security, public safety, economic competitiveness, and personal privacy."

Health IT is not immune from these dangers. So as we move forward with connecting our healthcare system electronically, we should not forget about the importance of security.

[More:]

Healthcare providers and health IT professionals should begin the process of developing an IT security plan that takes a 'process' perspective and which evaluates how the users actually use the health IT system.

From there, it should examine the risk of security breaches. It is important to include the non-technical side of the work flow such as employee behavior.

The plan should integrate other standards as well. A good compliance infrastructure attempts to meet multiple requirements. If a solution can fulfill meaningful use, HIPAA and other security requirements, then it is probably a solution worth implementing.

Finally, the plan should have an internal mechanism for reporting violations of its own security policy and for recording corrective actions.

In the end, health IT offers great opportunities for improving healthcare delivery. However, the risks must always be taken into consideration.

Joseph Ingemi is a blogger, Certified Information Systems Auditor, and certified Project Management Professional who writes about healthcare IT issues. He also consults on healthcare IT issues through his company, Pinarus Technologies.