Patient Access to Health Data: Balancing Security and UsabilityChad Wilson, CISO of Stanford Children's Health, Discusses Emerging Challenges
As developers design applications to provide patients with access to their digital health records via smartphones - as called for under the 21st Century Cures Act - special attention needs to be paid to balancing security with usability, says Chad Wilson, CISO of Stanford Children's Health.
"We have to encourage the people who are downloading their health information to do their due diligence to make sure where they're downloading it, saving it and securing it stays safe," he says in a video interview with Information Security Media Group. "It goes back to the ... security that's built into the development cycle - not every app is coded the same way ... and not every app deals with encryption of the data the same way."
While adequate security is essential, organizations must guard against creating too many security-related barriers to gaining access to records via a smartphone, he says. "So having that balance is going to be really key for any developer that is building the API to get in - that it has the right security and the right security is maintained."
In the interview, Wilson also discusses:
- Other privacy and security challenges involving patient access to their electronic health records;
- Security and privacy issues involving the growing use of telehealth and the reliance on email for communication during the COVID-19 pandemic;
- How the cyberthreat landscape is evolving during the COVID-19 crisis.
Wilson is CISO for Stanford Children's Health and Lucile Packard Children's Hospital Stanford in California. Previously, he served as the director of IT security and CSO at Children's National Health System in Washington. And he served as senior associate at Booz Allen Hamilton, managing cybersecurity services for commercial and government clients with an emphasis in healthcare. Wilson is also former acting CISO and director of information security for MedStar Health.