What About Security?

But What About Security? ... Health Informatics

The campaign for electronic medical records and electronic health records is in full swing. The proposed high-tech healthcare legislation, as well as major components of the stimulus package, guarantees dramatic, and possibly traumatic, movement in these fields.

While the economic benefits are profound, successful implementation will place tremendous demands on our best and brightest in information assurance and IT security. The Weekly Standard has already cited Title IV as a "Trojan horse" which will give government bureaucracies vast control over modern medical technologies.

What is most important to understand is that health IT will be all-pervasive. Every device imaginable is being designed for wireless data transmissions to improve accuracy and efficiency.

These changes will put IT security center-stage in virtually all health organizations.

Over the last decade, HIPAA has successfully redefined the role of IT security in the health professions. However, its myopic focus on data privacy has left most organizations ill-prepared for the full impact of electronic medical records.

This one-day workshop begins to fill the gap and outlines the critical, and sometimes life-and-death, issues that health systems will now confront.

While the goals of IT security have long been stated as confidentiality, integrity and availability (the famous CIA), integrity and availability have been short-changed in a HIPAA-centric world.

Data replication and data normalization are vital issues as massive arrays of data are assembled for individual medical histories. The replication of this data for backup and archives, as well as its concurrent use in multiple environments, means that keeping data synchronized is a central ingredient for successful and safe systems.

Further, identifying and authorizing data sources becomes a critical issue. Who writes to which records and how do we maintain an audit trail to validate the accuracy and integrity of the submitted information?

Availability is typically assured through backup and recovery strategies. The sustainability of these critical information flows must address internet outages, power outages and disk failures, as well as malicious assaults through DDoS and viral outbreaks.

IP3, Inc.'s current PGA initiative focuses attention on policy gap analysis. While organizations strive to govern their information assurance and security initiatives through a policy-driven framework, it's clear that there are fundamental gaps in current policies. With PCI DSS (another security burden on health providers who accept credit card transactions), the specific policy-driven compliance requirements may fail to properly address data leakage through VoIP (Voice over Internet Protocol) channels.

IT security professionals in healthcare industries will face all of these challenges and more. Transitioning to IPv6 and integrating VoIP and wireless systems will be necessary as a vast array of new medical technology is deployed to post diagnostic data directly to the information system without the need for human transcription. These new technologies will certainly reduce the risk of human error in the writing and recording of information, but human error can also disrupt a network or overwrite essential data. This one-day workshop seeks to provide HIM Professionals and other health information systems professionals with a solid foundation for addressing the comprehensive challenges of providing confidentiality, integrity and availability across our new technology platforms.