In Collaboration with Becker's Hospital Review
Many hospital executives contend with older legacy IT systems that are vulnerable to cyberattacks and may violate HIPAA requirements. While technical challenges abound, one approach is to provide detection and response capabilities through network firewalls through which legacy systems communicate.
Regulatory Obligations to Protect Patient Data on Legacy Systems
HHS and OCR have noted that the HIPAA Security Rule requires covered entities to protect electronic protected health information (ePHI) on IT systems, including legacy systems. However, there are many challenges to implementing cybersecurity programs on these outdated, vulnerable systems. These challenges include:
- Inadequate security features for safeguarding PHI
- Lack of ongoing security updates
- Limited audit capabilities for incident detection
- Difficulty implementing strong data encryption
- Interoperability challenges hindering secure data exchange
- End-of-life issues for unsupported systems
- Difficulties meeting data retention and destruction requirements
Continue Reading the Article
