If you have never been to a HIMSS conference, the first thing you notice is that the exhibit floor is huge. Just walking around gave me a sense of how large the healthcare industry is. With about 40,000 people moving through 600,000 square feet of floor space, just trying to visit some of the 1,300 exhibitors was a bit of a challenge. It took me about 30 minutes to walk from one end to the other without stopping.
Fasoo was in the new Cybersecurity Command Center, which featured companies focused on mitigating the risk of data breaches and helping ensure that patient information is secure. A number of well-attended presentations by FBI experts and others showed just how real these problems are and offered ways to stop the threat. One session was entitled "You WILL be Breached," which gives you an idea of how serious things are.
As the Fasoo staff spoke to attendees, it was evident that patient health data security was an important discussion point at the event. This is not only an issue with EHRs. HIEs are also working to ensure they are using secure systems to transport patient data, including medical imaging records. As more of these exchanges move to the cloud and are accessible from mobile devices, the possibility of attack and a breach will only increase.
With so many high-profile data breaches in healthcare, CIOs and CISOs were looking for answers to prevent or at least stop the bleeding of a cyber attack. Putting patient customer service and convenience first is also top of mind for many healthcare organizations. This extends to making it easier for doctors and nurses to focus on their patients and not on computer systems. One CIO mentioned that moving files in and out of his EHR system is a concern because anyone could potentially get access to doctors' notes, medical release forms, image records and a lot of other sensitive information. Protecting that information from outsiders and unauthorized insiders is a big concern, but he can’t stop the flow of information, since sometimes a matter of minutes can be critical to patient safety.
Some of these concerns were the high point of the session entitled Data Security Officers: Addressing Risks and Avoiding Crisis from the Trenches. The panel discussed modern threat scenarios that need constant vigilance on the part of all health IT professionals. They stressed the importance of Managed Security Services, and that optimal cyber security is never as simple as signing a contract. One of the presenters mentioned that Anthem had such a contract when their attack took place. As cyber security becomes a larger concern in healthcare, so too will the demand for meaningful intervention, monitoring, and encryption.
We also had a few conversations with auditors and people who do security assessments inside hospitals and other providers. They liked the idea that Fasoo can encrypt and lock data at the point of creation or download with a multi-layered approach to security. With new data security and privacy regulations emerging, being able to prove that an unauthorized user can’t access patient data helps meet these requirements. In fact, if your data is encrypted with a persistent security policy, you don’t have to report its release as a data breach. This gives you Safe Harbor in many states.
More robust technology and a greater willingness from companies to deploy it will help reduce data breaches. The hackers and criminals are getting smarter, and it’s getting more difficult to keep them out. Using a layered security approach with data-centric security at the core is the best way to keep patient data from getting into the wrong hands.