CIO: More HealthCare.gov Work AheadFormer State Exchange Official Discusses Security Challenges
While the security of the HealthCare.gov website has improved, and the next open enrollment season for Obamacare will go more smoothly than last year's rocky launch, there's still plenty of work to be done, says Curt Kwak, former CIO of the Washington state health insurance exchange.
The security of HealthCare.gov, which has been the subject of intense scrutiny - including multiple Congressional hearings over the last year - has been bolstered, says Kwak, who in July left his position as CIO of the Washington State Health Benefit Exchange to become CIO of Seattle-based surgical practice, Proliance Surgeons.
"Security has gotten better. The most important thing is we have learned quite a bit in the last year of what to expect, what's real, and what is not," he says.
Kwaks expects the next open enrollment season for Obamacare, which kicks off Nov. 15, will go far more smoothly than the rocky launch last year. "If the baseline is Oct. 1, 2013, then yes, it will be better, I will assure you," he says.
But there will still be growing pains, he cautions. "There are still a lot of rule- and law-making changes occurring, and still a lot of criticism on how things are handled," he says in an interview with Information Security Media Group.
Kwak says it will be intriguing to watch how the transition will go for some state-operated healthcare exchanges, including Oregon's, that have decided to join the federally facilitated marketplace due the states' difficulties running their own programs. "There are a lot of dynamics and forces in play - it will be interesting to see how they all work out."
Among the main security criticisms of the HealthCare.gov is that the Department of Health and Human Services' Center for Medicare and Medicaid Services did not complete end-to-end security testing of the website and systems before the troubled HealthCare.gov launch on Oct. 1, 2013 (see GAO: HealthCare.gov Has Security Flaws).
The federally facilitated marketplace last year operated insurance exchanges on behalf of 36 states. CMS administrator Marilyn Tavenner testified in September that CMS would by Nov. 15 implement 22 technical recommendations and six executive recommendations made by the Government Accountability Office to improve HealthCare.gov security (see HealthCare.gov Security Fixes Promised).
In his new role as CIO of a large surgical practice, one of Kwak's top priorities is to improve data security without negatively interfering with the workflow of clinicians.
"We always talk about ease of use for our surgeons, medical assistants, nurses - so they have the confidence that the data they're using or sharing is secure, yet they can continue to do the jobs they've always done," he says.
"They say the cleanest interface or front end probably has the most complex back end. Our job is to make sure they have that clean front end so they don't have to worry about security issues when they use our applications."
In the interview, Kwak also discusses:
- Why mobile security, user awareness and internal threats are among the biggest security challenges facing the healthcare sector;
- How he sizes up emerging privacy and security challenges involved with wearable consumer health device data and also Apple Pay, a new mobile payment system slated to launch on Oct. 20 by Apple;
- Why his top security and privacy priorities include collaborating with other healthcare systems to ensure best practices are being used and shared.
As CIO of Proliance Surgeons, one of the largest surgical practices in the country, Kwak oversees all technology implementation and maintenance necessary to meet the business requirements of Proliance's more than 80 care centers. Previously, Kwak was CIO for about two years at the Washington State Health Benefit Exchange, which is Washington state's insurance exchange under the Affordable Care Act. Before joining the insurance exchange in 2012, Kwak served as CIO at Providence Health & Services and oversaw IT needs at Western Washington Ministries.