Helping Clinics, Patients with Security
Researcher Stresses Need for a Better Understanding of Risks
"A big hospital can set up electronic health record systems, and they have a professional staff on hand who can hopefully do that well, in terms of security. I'm more concerned with the smaller private practices and satellite clinics who don't have professional staffs on hand, usually, to set these up, or individuals in their homes who have home-based [health] monitoring technologies for their chronic diseases, for example," says Kotz, a professor of computer science at Dartmouth University in Hanover, N.H., where he researches data privacy and security issues in the mobile healthcare arena.
When it comes to telehealth systems, patients "might not understand what some of the security risks are," says Kotz, who was recently appointed to the Health IT Policy Committee, which advises the Office of the National Coordinator for Health IT on HITECH Act programs, including the electronic health record incentive program.
"I'm interested in how we can use mobile and cloud technology, how we can improve those technologies to make them easy to configure for security, and easily understandable so that people know what the privacy concerns are," he says in an interview with Information Security Media Group.
Additionally, as a new member of the HIT Policy Committee, Kotz says he's concerned about consumers knowing what happens to their medical data.
"One of the areas I'm interested in is helping individuals ... to understand what information is being collected, where it's being stored, who has access to it, what they're going to do with it, when will it be disposed and secondary uses of it," he says. "Communicating that [to the] average person in an understandable way is a big challenge."
The professor also notes: "I'm a researcher, I like big challenges. I'm looking forward to learning more about the realities of health IT systems and the regulatory system and where we might be able to offer help."
In the interview, Kotz also discusses:
- Other privacy and security challenges involved in using mobile devices, such as wearable sensors;
- Ethical hacker demonstrations that have illustrated security vulnerabilities in wireless medical devices, and whether those threats should worry patients;
- The Food and Drug Administration's recent guidance for regulating a subset of mobile health applications.
Kotz is the associate dean of the faculty for the sciences at Dartmouth. He served as the executive director of the Dartmouth Institute for Security Technology Studies from 2004 to 2007. Kotz's research focuses on the challenges of applying IT to healthcare with an emphasis on privacy and security. He has studied the use of mobile technology, such as smartphones and wearable sensors, and has developed systems and network protocols to protect the integrity of medical information and the privacy of individuals. Kotz has published more than 100 journal and conference papers. He is also a fellow of the Institute of Electrical and Electronics Engineers.