The healthcare industry contains many sub-industries that need to work together in the protection of personal health information (PHI). These sub-industries ensure the security of systems that deliver patient care. Here’s a look at the role each type of organization plays in the healthcare ecosystem as it relates to software security:
Healthcare Delivery Organizations (HDOs)
HDOs include hospitals and medical device manufacturers. Hospitals typically buy a majority of their software. Their role in software security is to configure their software using the guidelines provided by HIPAA, along with their own risk management processes.
Medical Device Manufacturers
Medical device manufacturers write both the software that is used to control the device along with the systems that often accumulate patient data and provide it to hospitals and doctors.
Pharmacies interact with hospitals, doctors, and insurance companies using software they often write themselves. Smaller pharmacies buy software from a few major providers of pharmacy management software.
Pharmacy Benefits Managers (PBMs)
PBMs typically provide mail-order drugs for patients who need them over long periods of time. They interact with the same people that the pharmacy does, but mail the drugs to the patients. They typically write all of their software.
Health Insurance Companies
Health insurance companies write most of the software used to manage interactions with HDOs.
The goal for these types of organizations is to consistently and efficiently share data with one another so the processes currently in place work smoothly together. Changing a component of the process often impacts the sub-industries by requiring them to adjust their software accordingly.
In 2014 and 2015, there was a cluster of security breaches that highlighted some of the information security gaps throughout the healthcare industry. The majority of the industry was moving towards improvements in the security of their software and infrastructure; the breaches accelerated their timelines.