The campaign for electronic medical
records and electronic health records is in full swing.
The proposed high-tech healthcare legislation as well as
major components of the stimulus package guarantee
dramatic, and possibly traumatic, movement in these
fields.
While the economic benefits are
profound, successful implementation will place
tremendous demands on our best and brightest in
information assurance and IT security. The Weekly
Standard has already cited Title IV as a “Trojan
horse” which will give government bureaucracies vast
control over modern medical technologies.
What is most important to understand is
that health IT will be all-pervasive. Every device
imaginable is being designed for wireless data
transmissions to improve accuracy and efficiency.
These changes will put IT security
center-stage in virtually all health organizations.
Over the last decade HIPAA has
successfully redefined the role of IT security in the
health professions. However, its myopic focus on data
privacy has left most organizations ill-prepared for the
full impact of electronic medical records.
This one-day workshop begins to fill the
gap and outlines the critical and sometimes life-and-death
issues that health systems will now confront.
While the goals of IT security have long
been stated as confidentiality, integrity and
availability (the famous CIA), integrity and
availability have been short-changed in a HIPAA-centric
world.
Data replication and data normalization are
vital issues as massive arrays of data are assembled for
individual medical histories. The replication of this
data for backup and archives as well as its concurrent
use in multiple environments means that keeping data
synchronized is a central ingredient for successful and
safe systems.
Further, identifying and authorizing
data sources becomes a critical issue. Who writes to
which records and how do we maintain an audit trail to
validate the accuracy and integrity of the submitted
information?
Availability is typically assured
through backup and recovery strategies. The
sustainability of these critical information flows must
address internet outages, power outages, disk failures
as well as malicious assaults through DDoS and viral
outbreaks.
IP3, Inc.’s current PGA initiative
focuses attention on policy gap analysis. While
organizations strive to govern their information
assurance and security initiatives through a
policy-driven framework, it’s clear that there are fundamental
gaps in current policies. Under PCI DSS (another security
burden on health providers who accept credit card
transactions), the specific policy-driven compliance
requirements may fail to properly address data leakage
through VoIP (Voice over Internet Protocol) channels.
IT security professionals in healthcare
industries will face all of these challenges and more.
Transitioning to IPv6 and integrating VoIP and wireless
systems will be necessary as a vast array of new medical
technology is deployed to post diagnostic data directly
to the information system without the need of human
transcriptions. These new technologies will certainly
reduce the risk of human error in the writing and
recording of information, but human error can also
disrupt a network or overwrite essential data. This
one-day workshop seeks to provide HIM Professionals and
other health information systems professionals with a
solid foundation for addressing the comprehensive
challenges of providing confidentiality, integrity and
availability across our new technology platforms.