COVID-19: CISOs Take on More Security, Privacy Challenges
Mitch Parker of Indiana University Health Outlines the Key Emerging Issues
As healthcare organizations across the U.S. respond to the COVID-19 crisis, the list of security and privacy challenges CISOs face continues to grow. Mitch Parker, CISO of Indiana University Health, provides an update on the changing risk management landscape.
For example, the explosion in telehealth services as well as staff working from home has put stress on remote access technologies.
"We've had good experience in getting the applications delivered to whoever needs it. However, organizations haven't faced the ... sheer necessity of rapidly transforming a workforce from one that sat in offices to one that now works remotely in a period of a couple of weeks," he says in an interview with Information Security Media Group.
And when it comes to expanded telehealth, healthcare entities face more than technological challenges: there is also confusion over recent guidance issued by the Department of Health and Human Services' Office for Civil Rights about telehealth and certain HIPAA waivers, he notes.
"The guidance that was put out by the OCR about relaxing enforcement of telehealth guidelines has been misinterpreted by many organizations. The guidance that was put out recommended organizations look for solutions that have a reasonable and appropriate degree of security. ... And a lot of organizations have not done that ... You have to have a very critical eye on what solutions you will allow."
In the interview, Parker also discusses:
- Emerging medical device security challenges, such as ventilators that are being put into use from stockpiles or being retrofitted because of shortages;
- The risks involved with new or retired clinical professionals quickly entering the medical workforce;
- Challenges involving electronic health record systems and the lack of time to properly train clinicians during the crisis;
- Potential privacy and security challenges related to protecting paper records created in the makeshift hospitals being opened to care for the overflow of COVID-19 cases in New York and other cities.
Parker is the executive director of information security and compliance at Indiana University Health, the largest network of physicians in the state of Indiana. He formerly served as CISO at the four-hospital Temple University Health System as well as CISO for Temple's clinical faculty practice plan, Temple University Physicians. Previously, Parker was an information security consultant to the Defense Logistics Agency and other organizations.