Thursday, March 26, the Institute for Critical Infrastructure Technology (ICIT) hosted their monthly Fellow Meeting, with featured thought leaders Dr. Kafi Wilson, MHA (ICIT Fellow and CEO, KWMD) and Laura Elizabeth Rosas (Lead Public Health Advisor, Health IT Team, Substance Abuse and Mental Health Services Administration [SAMHSA], U.S. Department of Health and Human Services).
The meeting, attended by ICIT Fellows, thought leaders from industry and federal agencies including NOAA, the Department of Interior, FDIC, and DHS was a highly passionate and animated exchange of ideas and strategies between the audience and speakers, as Ms. Rosas and Ms. Wilson lead a discussion on the theme “How Data Segmentation, Privacy and Interoperability Can Solve Today’s Healthcare Challenges”.
The group lamented the continued lack of privacy awareness on the part of health care providers and a failure to prioritize data breach concerns. Ms. Rosas observed that despite the growing number of highly visible health record breaches and industry talk of the importance of health data privacy, one of the industry’s major challenges was that there is still no “clear path to secure information in the way that we need it secured.” She explained many health care organizations often fail to perform a basic security risk assessment, a fact ICIT has recently reported in a briefing to the Congressional Cybersecurity Caucus.
Another point of discussion was the lack of awareness and accountability among patients surrounding privacy and the risk of a breach, leading to less motivation for industry to change. Ms. Rosas noted that patients are “becoming immune to the panic around breaches…people were a lot more disturbed [by data breaches in the past] than they are today.” Unfortunately, data breaches are “the new norm. People are not getting as angry and frustrated about breaches as they should.”
The group agreed that this lack of awareness and sense of apathy toward data breaches, by hospitals and patients alike, result in an overall lack of urgency to find solutions to health care information breaches.
Dr. Wilson, observed that the lack of awareness began with the development of electronic medical records (EMRs). Although security was a consideration at the time EMRs were designed and implemented, it was not a top priority: “With the rapid implementation, adoption and deployment of EMRs, we have left out a huge component: security…We went transformed the industry without the foresight of anticipating that the digital record can be hacked and putting in place preventative processes and technologies to mitigate the risk, and now we are playing catch-up.”
Other non-security issues discussed at the meeting included Dr. Wilson’s recent work in the field of Rural Health and Telemedicine, and the importance of interoperability in the rural environment. Dr. Wilson commented on the high rate of rural hospital closings and how teleheath technologies can help bring much needed services to patients who need both basic and specialized care. She also discussed how legislation is currently being discussed to remove payment, liability and technological barriers preventing the widespread use of telehealth.
Dr. Rosas also spoke about her use of privacy controls to segment data at SAMHSA, an innovate approach to drive better care outcomes which will be the focus of an ICIT interview that will be released in April ’15.