CISOs: Top 3 Challenges for 2014
A Discussion of Pivotal Healthcare Privacy, Security Issues
"Healthcare CISOs have to keep up with the business associate compliance requirements," she says. "They have to make sure they've fully documented assessment of the business associates ... And business associates also need to make sure they have all their processes in place in regards to privacy and security."
In an interview with Information Security Media Group, Fahim-Koster, a security consultant who formerly was executive director of information security and compliance at Piedmont Healthcare in Atlanta, says two other challenges for CISOs in the year ahead are mobile security and secure health information exchange.
"Privacy and security of mobile applications are a challenge, but incorporating patient-provided information into the medical record from those mobile apps can be quite daunting," Fahim-Koster says.
And as more healthcare providers express interest in sharing patient information via text messages, that creates new privacy concerns, she explains, especially when there's no mechanism that allows texted information to securely land directly into electronic health records.
With health information exchange organizations springing up across the country, "CISOs really need to get in front of the privacy and security challenges of integration of systems internally and with ... exchanges," she says. Exchanging patient records raises new issues, including how to obtain patient consent as well as how to segregate the most sensitive data, such as mental health and substance abuse information, she says.
In the interview, Fahim-Koster also discusses:
- What aspects of HIPAA Omnibus compliance are giving covered entities and business associates the most trouble;
- Tips for breach prevention;
- What technologies should be on the priority lists of healthcare CISOs in the year ahead.
Fahim-Koster, who has 16 years of healthcare industry experience, joined Meditology Services, an Atlanta-based healthcare consulting firm, in October as its director of IT risk management. Previously, she was the executive director of information security and regulatory compliance for Piedmont Healthcare. Earlier, Fahim-Koster was information privacy and security director at Gwinnett Medical Center in Lawrenceville, Ga.