Privacy & Security: Never-ending Vigilance

June 25, 2013
Federal rules and regulations, especially the HITECH Act (ARRA) with its enhanced set of HIPAA regulations, have focused increased amount of attention on implementing security measures that can maintain the integrity of personal health information (PHI). But these regulations are not driving security strategies for progressive CIOs and CISOs. The rules are for the common good, but not the basis on which these leaders structure their data protection strategies.
Federal rules and regulations, especially the HITECH Act (ARRA) with its enhanced set of HIPAA regulations, have focused increased amount of attention on implementing security measures that can maintain the integrity of personal health information (PHI).But these regulations are not driving security strategies for progressive CIOs and CISOs. The rules are for the common good, but not the basis on which these leaders structure their data protection strategies say "Privacy and Security Issues" panelists at the Healthcare Informatics Executive Summit in San Francisco on May 12.Jennings Aske, J.D., is proactive about security. If you build your infrastructure to adhere to national security standards, it will not be a problem to meet state and federal privacy mandates, says the chief information security officer of Partners HealthCare in Boston.One aspect of maintaining the privacy of PHI is more difficult to control than security standards--and that is organizational culture. Most often, data breaches will occur because of staff members inappropriately accessing records.Data breaches are inevitable, says Jim Elert, CIO, Shared Services, Trinity Health, Novi, Mich. Delving into who has control, where, and why, will uncover more gaps and leaks than is imaginable.Snooping staff are not the only threat. Healthcare IT systems are notoriously weak in security. Whether that is the fault of the developer or that of purchasers lack of demand for stringent security measures is a moot point. There are many security shortcomings and huge development gaps, Elert notes.Sharing the physician informaticist viewpoint was Joseph Bormel, M.D., chief medical officer and vice president for clinical strategy, QuadraMed, Reston, Va., who emphasized the importance of helping physicians understand the value of security to them and to their clinical care. Aske says he presents security measures to physicians as important to maintaining the integrity of clinical data.

Charlene Marietti, Jennings Aske, J.D., Jim Elert, Joseph Bormel, M.D. at the Privacy and Security Issues Breakout Session at the HCI Executive Summit.

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...