TRENDING:

Building Public Trust in Secure EHRs

Blumenthal, Cybersecurity Czar Working on Recommendations Howard Anderson (ismg_editor) • October 5, 2010    
Building Public Trust in Secure EHRs
David Blumenthal, M.D., the government's point man on implementing the provisions of the HITECH Act, is collaborating with White House Cybersecurity Coordinator Howard Schmidt to develop guidance on healthcare information security.

As part of that collaboration, a governmentwide coordination council soon will make recommendations on healthcare security issues, said Blumenthal, the Department of Health and Human Services' national coordinator for health information technology. Councils are formed to work on interagency cybersecurity projects.

To build public trust in widespread use of electronic health records and the exchange of clinical information, as called for under the HITECH Act, will require building public confidence that healthcare information will remain secure, Blumenthal said Tuesday in his keynote address at the HIPAA Summit West in San Francisco.

The HITECH Act, among other things, provides funding for Medicare and Medicaid EHR incentive payments to physicians and hospitals as well as state grants to support development of health information exchanges.

Next Security Steps

"We'll be examining where we need to go forward with new guidance, regulation or law to assure the public stays with us on this endeavor," Blumenthal said.

As part of that effort, federal officials also are reviewing the recommendations of a privacy and security tiger team regarding such issues as gaining patient consent to exchange their information, he noted.

Building public trust will require a "broad, deep national dialogue" on the issue of how to give patients control over their information, Blumenthal said. To initiate dialogue, Blumenthal's office will conduct "listening sessions" on privacy and security issues with consumers across the country, starting later this month.

"The public hopefully will conclude that the value of health information exchange greatly exceeds the risks to privacy ... as long as they trust that we are doing everything humanly possible to protect their information," Blumenthal said.

Addressing Breach Threats

Although the public is primarily concerned that hackers might access their health information, the bigger threats, Blumenthal said, are from the careless practices of healthcare organizations. Most major breaches reported to the HHS Office for Civil Rights, he noted, have involved lost or stolen unencrypted laptops and other devices.

"The first thing we have to do is get the basics right," Blumenthal said. "For example, we have to make sure that laptops used by health professionals are automatically encrypted."

Responding to a question about variations in state privacy laws that might impede the exchange of data across state lines, Blumenthal suggested initial efforts should focus on "getting information flowing within states." Then communities, such as Boston, that would greatly benefit from exchanging data with those in other states could begin to work on addressing variations in state laws.

"There will be a political push to solve those problems in those states where there's a clear rationale to make state laws compatible," he said.

Previous
Suit: CVS Caremark Violating HIPAA
Next
Cybersecurity as a Catalyst for Economic Growth

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.