- While new technology can give cyber criminals new outlets to gain access to protected health information (PHI), it also gives more opportunities to healthcare organizations to keep that data safe. Moreover, healthcare cybersecurity is an area that the College of Healthcare Information Management Executives (CHIME) hopes to be a leader in, according to 2015 CHIME Board of Trustees Chair Charles Christian, FCHIME, LCHIME, CHCIO.
In an interview with EHRIntelligence.com, Christian explained that positive patient identification and cybersecurity are some of the top health IT challenges in 2015.
The national patient identifier is one area in particular that has benefited from evolving technologies, Christian said. Now, there are numerous options that can protect data while it is in motion and at-rest. Moreover, one of CHIME’s goals is to ensure that its members are properly educated on the best practices to keep all data secure.
The patient identifier is a critical matter for the healthcare industry, according to Christian.
“We’re going to find that care for the patient is going to be provided at a much different level than it ever has before because they’re trying to bend the cost curve down,” he said. “In order to do that, they’re going to have to find other alternatives for primary or urgent care.”
Essentially, emergency rooms are increasingly being used as urgent care clinics. Patients are admitted with things that are non-emergency and they’re more urgent, Christian said.
Because of the different settings of care being added into the healthcare field, it’s also become more important that organizations are able to aggregate all of that information correctly.
“Everybody who is in that chain of care needs to know what’s been going on with that patient, Christian said. “Particularly if they have chronic diseases like diabetes, COPD, or heart failure that are very serious diseases that have other co-morbidities that go along with it.”
The role of the CIO for healthcare privacy and security
An organization’s CIO does play an important part in ensuring that a facility’s privacy and security measures are on track, Christian said, but the CIO should not always be the focus.
You need someone like the chief security officer to be focused and educated on what the best practices are. You also need someone who can constantly be focusing on it because the threats change. Security is not like building a house. You don’t build it and the rain stays off of your head. You have to constantly restructure that roof so that there are no leaks in it because the threats change. The complexity of the threats continues to change and so too do the tools continue to change. We need to stay on top of that.
This is also why CHIME launched the Association for Executives in Healthcare Information Security (AEHIS), according to Christian. The CIO often has to worry about the regulatory environment and the changing operations of healthcare. CHIME members said that there needed to be a new focus on healthcare security issues, he explained. Creating a separate organization that focuses on things like healthcare cybersecurity and the latest privacy and security needs, can greatly assist those in the industry.