The Security Scrutinizer with Howard Anderson

The Wit and Wisdom of Howard Schmidt

For example, he stressed that healthcare organizations of all sizes need to take security more seriously, especially in light of the HITECH Act's toughened HIPAA privacy and security requirements.

A one-doctor clinic needs to trust that the identities of everyone who has contributed information to an electronic health record have been verified and the information is reliable, Schmidt said. "But they don't have an IT department and they don't have a CIO. As a matter of fact, the CIO generally is somebody's child down the road who's really really good at Nintendo."

The Obama Administration recognizes that "we need to make sure we have an e-health system that is secure, resilient, protects privacy and works," Schmidt said in his keynote address at the conference, "Safeguarding Health Information: Building Assurance through HIPAA Security," sponsored by the HHS Office for Civil Rights and the National Institute of Standards and Technology.

"The president is very making sure as we move to an e-health environment that we also have the right controls in place when it comes to security and privacy," the cybersecurity czar said.

"The key issue is you have to trust the system. If you don't trust the system, nobody will use it, and if nobody uses it, nobody benefits."

As more healthcare organizations adopt electronic health records and exchange information over health information networks, patients and providers alike need to trust that the information is secure and accurate, Schmidt said.

For example, if a patient provides sensitive personal information to validate membership in a health plan, he wants to be assured that the information will be disposed of properly once he's no longer in the plan, Schmidt said. Patients want answers to their questions about the fate of their information, he said, such as: "Are you going to throw it in a trash can behind the building? Do you shred it? Or is it on a yellow sticky note? Or if it's in a computer system, what are the controls that keep other people from viewing it?"

The National Strategy for Secure Online Transactions, an ongoing White House effort to build policies for identity management, is designed to protect healthcare information as well as financial information, Schmidt stressed.

ID management is essential to the success of health information exchanges, which can, for example, give emergency physicians access to the medical records of an out-of-town patient, he said. ID verification is essential, Schmidt said, so that the doctors treating an accident victim "can have a transaction that is viable and trusted."

Schmidt told his audience of security officers that "security and privacy are two sides of the same coin. Without security, you have no privacy."

About the Author

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
