The annual HIMSS conference and exhibition covers a variety of healthcare IT topics and issues. However, in the wake of large-scale data breaches and continuous discussion and debate over federal and state healthcare regulations, one of the major focuses this year is likely to be on data breach prevention.
HealthITSecurity.com will be reporting live from HIMSS this week, bringing you the latest announcements and news from HIMSS. Data breach prevention has many different facets and aspects, which will all be touched on and discussed at this year’s conference. We will dive a little bit deeper and explain why this topic is so important, and highlight a few events that focus on solutions for healthcare providers and insurers.
Why data breach prevention?
Data breach prevention will steer HIMSS15 because healthcare privacy and security is essential for every organization, regardless of its size. Even as the healthcare industry implements new federal regulations, keeping data secure is still a top priority.
For example, the recently announced Stage 3 Meaningful Use proposal wants to ensure that ePHI remains protected. As previously reported by HealthITSecurity.com, Katherine Downing, MA, RHIA, CHPS, PMP, Director of HIM Practice Excellence at AHIMA, discussed the importance of the requirement to make the security risk analysis an annual step.
“Overall, we think it’s a really good step to making sure people are staying on top of what they need to do to protect this information,” Downing said.
The effects from a data breach can also be harmful to a covered entity. As previously discussed, a TransUnion survey found that the majority of adults would avoid a healthcare provider if a data breach took place. The notification process is also essential, as 46 percent of respondents said they expect a notification within one day of the breach, while 31 percent said that they expect to receive a response or notification within one to three days.
HIPAA violations can also be harmful to a healthcare facility, and understanding the federal regulations is key to keeping organizations compliant and their data secure. One important tool in this process is performing a HIPAA risk assessment. Chris Bowen, MBA, CIPP/US, CIPP/IT, ClearDATA Founder and Chief Privacy Officer, explained in an interview with HealthITSecurity.com that the risk assessment process is a journey, not a destination.
“We’ve discovered that healthcare IT is just underprepared for what they need to do,” Bowen said. “They need to not only shore up their systems from a functional perspective and interoperability perspective, but now you layer on security and other types of controls to that, and they’re just overwhelmed.”
What are potential solutions?
Even before the Anthem and Premera data breaches, healthcare organizations were well aware that cybersecurity threats were on the rise. Several of the education sessions at HIMSS further demonstrate this fact, and will provide in-depth insight and tips for how facilities can keep sensitive information secure, while still ensuring that the latest technologies can be implemented and used where necessary.
For example, HIPAA regulations and compliance issues headline numerous education sessions. Tom Walsh, CISSP and principal consultant at tw-Security, will be speaking at the Navigating the Practical and Legal Aspects of HIPAA session. HIPAA compliance is an “ongoing endeavor,” and covered entities need to understand how HIPAA privacy and security measures.
Also for HIPAA compliance, there will be sessions on the ever-evolving regulations. Adam Green, a partner at Davis, Wright, Tremaine LLP, will be leading one such discussion, going over HHS’ top privacy and security enforcement issues based on prior settlements. Even though the HIPAA audits continue to be delayed, it’s still necessary for covered entities to understand what the audits will entail and what resources are currently available for them.
Choosing the right Chief Information Security Officer is also essential, and Heather Roszkowski, CISO at The University of Vermont Medical Center, will discuss best practices at HIMSS. In today’s healthcare IT world, it’s critical that organizations choose individuals who have the right skills, knowledge and experience.
Another potential solution could be cloud computing, although, as HealthITSecurity.com has explained before, this might not be the answer for every facility, and each healthcare organization should take the time to review its own process before any implementation of new technology. The HIPAA Omnibus Rule states that patients’ privacy is protected, regardless of where it is being stored, and covered entities and their business associates need to ensure they’re adhering to HIPAA in the cloud. At HIMSS, secure cloud computing will be discussed at several educational sessions, giving attendees the chance to better understand this new storage option.
Healthcare organizations need to be prepared for many types of data security threats, especially as PHI becomes more sought after by cyber attackers. But HIMSS speakers and presenters will go over some of the top solutions and how facilities can implement key security measures. Stay tuned to HealthITSecurity.com all week for healthcare privacy and security HIMSS updates!