Monday, August 5, 2013

Final Blog- An Analysis

It’s hard to believe the semester is ending as well as this blog.  Initially, I was skeptical about the idea of writing a blog strictly composed of security issues, but I believe it has provided me the opportunity to better understand current issues related to my long-time profession in healthcare.
 
Most healthcare organizations are steeped in tradition, so change is very hard for them; couple that with numerous government mandates and it can be a recipe for confusion and information security disasters. Due to the American Recovery and Reinvestment Act of 2009 (ARRA) and the Affordable Care Act of 2010, healthcare organizations are now mandated to implement electronic charting and health records and demonstrate meaningful use. The Health Information Technology for Economic and Clinical Health (HITECH) Act, which is a part of the ARRA, has created quite a flurry in hospitals as they strive to meet mandated milestones in addition to the ever-increasing rules, regulations, and penalties associated with any type of data breach.

I began discussing Apple’s new operating system and improved security options, but quickly realized that I would like to use this blog as an opportunity to discuss the measures being taken by healthcare organizations to protect patient data and the associated challenges. These measures consist of a variety of topics addressing everything from USB drive security to medical device vulnerabilities.  The following is a list of topics discussed and a small description of each:

1.     Apple’s iOS just became more secure- Apple announced a variety of security changes in the new operating system.
2.     HIPAA Omnibus Rule- Increased PHI Security Requirements- Stricter regulations surrounding vendors, sub-contractors, and consultants, and an organization's accountability related to patient data and privacy, became effective in March 2013.
3.     Data Breach Insurance in Demand- Given the costs associated with data breaches and HIPAA violations, hospitals are opting for insurance to offset the high costs.
4.     Medical Device Vulnerability Alert from DHS- Numerous medical devices were found to have password vulnerabilities. Researchers are advocating for a digital signature requirement to prevent hackers from tampering with devices.
5.     Improving Security for USB Drives- Healthcare Organizations are encouraged to improve USB security through preventative measures such as encrypting USB devices and regular scanning for malware in order to protect patient data.
6.     Office of the National Coordinator Released 2014 Priorities- The ONC released their security priorities, which include: identifying cyber-security threats, expanding technical assistance, working with NIST on patient identity management, and furthering privacy and security in future HITECH stages.
7.     BIG Data- Protecting Patient Privacy- Discovering correlations between treatments and medical conditions requires digging through data, but ensuring the information is de-identified is a priority. Intermountain Health and Deloitte have teamed up to discover clinical nuances with Outcomes Miner, and have gone to great lengths to ensure patient data is protected.
8.     Scrutinizing Healthcare Data Encryption Options- Data encryption is coming to the forefront in healthcare organizations due to penalties associated with HIPAA violations; therefore, a variety of recommendations were discussed.
9.     Aligning Healthcare Management, staff to strengthen security- In order for healthcare organizations to properly organize security priorities, a number of issues must be addressed. 


The articles referenced in this blog came from a variety of healthcare/IT/security resources such as “Healthcare IT News,” and “Healthcare Info Security,” and are just a few of the many available.  I believe using a plethora of references provided a wider array of topics and viewpoints surrounding healthcare.

I also believe this blog would be helpful to information security officers in healthcare organizations. While not all-encompassing, this blog could be used as a reference point to learn more about the variety of resources available and the number of issues facing all healthcare organizations.

For those students embarking on this journey in the future, I would recommend finding a theme they're interested in and expounding on it weekly. A previous professor offered some advice at the end of his class: “Read as much as you can about current events in your profession and you’ll be propelled to the front of the pack.” I’ve never forgotten this and have found it to be true. Writing this blog has been an enjoyable experience that has provided me the opportunity to learn much more than I anticipated. Thanks for the push to do something outside of my comfort zone!
