In the five years since the HITECH Act was passed into law as part of the American Recovery and Reinvestment Act, Joy Pritts, chief privacy officer at the Office of the National Coordinator for Health IT, believes that despite some privacy and security wins, the healthcare industry's knowledge of the law continues to lag.
Pritts (pictured), in a recent interview with HealthcareInfoSecurity, calls it "a little disappointing" that the industry still is not up to speed. In addition, she says that mobile devices continue to be among the biggest areas of concern for healthcare organizations in terms of security.
"[Providers] are not really set up for how [to] manage those devices," Pritts tells HealthcareInfoSecurity. "They are cool, fun and also can be not [so] secure, depending on how you set them up. I think that is an area that is really challenging for many."
Pritts also points to data availability as another issue of concern. "As you move into more cloud-based services and things of that nature, people are assuming that it's more available to them," she says. However, Pritts adds, that's not always the case.
Pritts adds that going forward, part of ONC's privacy and security focus will center on being "proactive" when it comes to cyber hacking.
Already this month, the FBI has issued two warnings that healthcare organization systems, including medical devices, could be vulnerable to cyberattacks. What's more, a planned cyber attack simulation conducted at the beginning of April by HITRUST and the U.S. Department of Health & Human Services revealed a need for healthcare organizations to better engage their stakeholders in their preparedness plans and to be more open about best practices to help the industry as a whole improve.
A new a new Verizon data breach report, also published this month, chided the healthcare industry for lagging in efforts to encrypt computers and other devices.
To learn more:
- read the full interview at HealthcareInfoSecurity