CMS panel emphasizes health IT privacy, security

Unless patients trust healthcare organizations to protect their digital health data, they may be unwilling to allow it to be shared--which could have life-threatening consequences, John Benevelli, acting senior advisor for HIPAA Compliance and Enforcement in the Office for Civil Rights said at the recent eHealth Summit.

He spoke as part of a panel on privacy and security at the event sponsored by the Centers for Medicare & Medicaid Services. He urged healthcare organizations to perform risk analyses and then develop mitigation strategies to address the risks they find, including those posed by mobile devices such as smartphones and tablets, reports Clinical Innovation & Technology.

Risk analyses must be repeated as new devices come out, he said, and sanctions put in place for violating policy.

Marilyn Zigmund Luke, senior counsel and compliance officer for America's Health Insurance Plans also stressed the need for security policy and encryption if employees are allowed to use their own devices.  Security requires "more than just a password," she said.

Mary Rita Hyland, vice president of Cooperative Exchange, advocated stressing that protecting patient data is everyone's job. And all systems must be tested before being added to the network.

"We have to think about the potential of privacy and security failing points in external and internal systems. It could come down to one individual having a bad day and inadequately testing a new release or updating something that was collected incorrectly," she said.

Indeed, Eastern European hackers accessed Utah Department of Health systems installed without changing the factory password. That breach affected nearly 800,000 people.

The extensive system and software upgrades required for implementing ICD-10 also provide a good opportunity for testing an organization's privacy and security systems, Hyland said.

The testing associated with ICD-10 is turning out to be far more time-consuming than many organizations had planned. Christine Armstrong, principal at Deloitte, has urged organizations to leave plenty of time to do a thorough job of it.

To learn more:
- read the article

Suggested Articles

Mayo Clinic and Google Health have announced they will use artificial intelligence to improve radiation therapy planning for cancer care.

Amwell is focused on using AI through its Google partnership to evolve telehealth while also looking to expand into home healthcare.

Former Livongo executives are backing a new blank check healthcare technology company and are preparing an IPO of up to $500 million.