Healthcare Information Security

Cybersecurity News

CHIME Says Healthcare Cybersecurity Should Be Innovation Focus

Healthcare cybersecurity should be one focus area of a public-private workgroup that HHS is putting forward to examine healthcare innovation and investment, argued CHIME in its comments on the proposed group.


Source: Thinkstock

By Fred Donovan

- Healthcare cybersecurity should be one focus area of a public-private workgroup that HHS is suggesting to examine healthcare innovation and investment, argued the College of Healthcare Information Management Executives (CHIME) in its comments on the proposed group.

In June, HHS asked for public comments on its planned initiative to develop a workgroup between HHS leadership and private industry to examine ways to increase innovation and investment in healthcare.

CHIME observed that cybersecurity threats in healthcare are increasing costs for the industry and creating patient safety concerns.

“Cybercrime in healthcare settings is now a lucrative industry for bad actors. The growing nature of our interconnected healthcare world is also raising the stakes for the likelihood of negative patient outcomes attributed to a cyber event. Innovations in technology must consider these growing threats,” CHIME argued.

CHIME also recommended that healthcare CISOs be included in the workgroup.

“The privacy and security of patient data — as well as the federal and state regulations governing such information — must be considered as new innovations and technologies are incorporated into healthcare delivery systems. CISOs offer unique perspective and considerations for ensuring innovations address growing cybersecurity threats to patient data,” CHIME noted.

The association also recommended including healthcare cybersecurity startups and other small healthcare innovators in the workgroup.

“Although the group is sure to include well-known tech giants that are on the forefront of radical innovations in the consumer technology and healthcare spaces, it is important to include other health innovation experts. Some areas where expertise will be necessary is in genomics, machine learning, voice recognition and cybersecurity so that responsible innovation can take place,” CHIME advised.

CHIME recommended that the workgroup develop a voluntary standards framework that healthcare innovators could use. The framework should prioritize ethical considerations, involve clinicians and patients, address cybersecurity threats, streamline the products vetting process, focus on closing the digital divide, accurately identify patients and connect them to their medical records, and preserve the patient/clinician relationship.

“Technical innovation must flourish but it is also important to keep in mind the importance of fostering the connection between patients and their clinicians. We therefore believe HHS must be mindful of keeping patients and caregivers connected to their provider so technology can be used to deliver better care, not detract from patient care,” CHIME commented.

“For instance, the Promoting Interoperability program has unwittingly incentivized clinicians to spend less time with their patients and more time in front of their computer screens. If innovations cause the distance between clinicians and their patients to grow, technology may be perceived as a barrier rather than a solution,” the letter added.

In addition to CISOs, CHIME maintained that the workgroup should include CIOs, healthcare providers, patients and caregivers, EHR vendors, and healthcare innovators of all sizes and types.

CHIME also recommended that HHS support innovation that targets ways to accurately identify patients and use the Centers for Medicare and Medicaid Services’ Center for Medicare and Medicaid Innovation to promote private solutions in patient identification.

“Solving the patient identification issue is essential. Given the Congressional ban in place since 1998 that prohibits HHS from spending any funds to establish or deploy a unique patient identifier, innovation in the private sector is needed to overcome this hurdle to improved patient care,” CHIME stressed.

“CHIME has long been a supporter of developing a national patient identifier to accurately and efficiently match patients with the correct record. This is integral to CMS’ goal to achieve the free-flowing exchange of patient records and true interoperability. From the perspective of CHIME, accurately matching patients to their data should be one of the principal goals of the innovation work group,” the association concluded. 

CHIME worked for two years to promote a national patient ID, but suspended its effort last year.

In January 2016, CHIME unveiled a $1 million competition to encourage innovators to develop a solution for ensuring 100 percent accuracy in patient EHR matching.

“Though we’ve made great progress and moved the industry forward in many ways through the Challenge, we ultimately did not achieve the results we sought to this complex problem,” CHIME said in a public statement announcing the suspension.

“We have consequently decided the best course for addressing this patient safety hazard is to redirect our attention and resources to another strategy,” CHIME added.


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...