IT security in CEE healthcare: IDC looks at new eu data protection rules

15 Jun 2016, Prague: Ensuring patient data privacy and security and guaranteeing compliance with respective laws and regulations are the main hurdles associated with ICT innovation in EU healthcare markets, as International Data Corporation (IDC) recently noted. With the new EU data protection laws that came into force just recently (May 24, 2016), safeguarding patient data is becoming an increasingly challenging task for European healthcare providers. Increases in non-compliance penalties are expected, as the new regulation aims to enhance the protection of citizens’ rights, allowing individuals to have more control over their personal data (including such aspects as access to one’s own data, data portability, a "right to be forgotten", and the right to know when personal data has been hacked). EU member states have two years to incorporate the newly adopted EU General Data Protection Regulation Guide (GDPR) into their national laws.

Meanwhile, compliance needs represent the most powerful drivers for IT security investments in Central and Eastern Europe (CEE) healthcare. IDC Health Insights looked at the results of event polls conducted among healthcare IT executives attending a series of IDC IT Security events held in five CEE cities in 2015 and 2016: Bratislava, Slovakia; Budapest, Hungary; Bucharest, Romania; Prague, the Czech Republic; and Warsaw, Poland.

According to the IDC's Security Roadshow polls, with the anticipated impact of the new EU data protection rules, compliance will remain at the top of the CIO list of priorities, at least among the CEE healthcare organizations surveyed during IDC Security Roadshow events. Beyond data protection regulations, healthcare organizations will also face compliance issues related to care quality, medical devices, and other laws and regulations.

As for the perception of security risks, dealing with insider security threats, including unintentional data loss/leakages, is an ongoing challenge for healthcare IT executives. Malware and external hacking also rank among the top threats. The strongest areas for IT security investments were found to be network security, endpoint security, and identity and access management, as reported by the survey respondents.

With the rise of mobile technologies used in healthcare settings, security concerns are also escalating, especially those around bring-your-own-device (BYOD) policies. According to the survey results, among the 3^rd Platform technologies (that include Big Data, mobility, social business, and cloud), mobility is considered a moderate source of security risk. The other technologies of the 3rd Platform have not been adopted widely enough to present a common security challenge.

When it comes to selecting security solution vendors, cost remains the single most important criterion for the overwhelming majority of respondents. Nevertheless, security certifications and past experience in the industry are also key considerations.

For more details on the survey results, see IDC Health Insights report IT Security in CEE Healthcare: Key Messages from IDC's Security Roadshow Surveys (IDC #CEMA40508716, May 2016). The study highlights the following issues among the healthcare organizations represented by event attendees:

• The deployment status of various IT security solutions
• The perceptions relating to the security risks associated with various technologies, systems, and devices
• The incidences of, and common responses to, security breaches experienced during the previous year
• IT security budget changes, investment strategies, and vendor selection criteria