Dueling Opinions: Steps toward a more secure health system
Cyberattacks continue to rise in healthcare, with the number of data breaches on pace to set a new record this year.
What are some priorities in partnership with the federal government to address cybersecurity issues in healthcare?
Chuck Christian: I have the pleasure of sitting in the 405(d) work group, which was put together by HHS several years ago and has released some really good information around what I call good “cyber hygiene.”… I think there’s a lot of good work being done with the federal government. I get notifications around threats, either pending or in process. There’s a lot more information being shared.
Claudia Williams: It’s easy to focus on the very large entities, but I think it’s important to remember that healthcare is still largely a cottage industry. Imagine a small practice, a safety-net clinic, a small rural hospital. HHS—across many agencies—really needs to develop a strategy to increase security practices at smaller, lower-resource organizations. Part of that has to be stronger HIPAA enforcement.
In the ongoing drive for interoperability, there have always been concerns about privacy and data security. How are those issues being addressed?
Christian: Healthcare was put together like a patchwork quilt where everybody was cutting out their own squares, so they don’t quite fit together. Trying to make systems interoperate, even in a singular healthcare system, is a challenge because we have standards now. That’s the good news. The bad news is that we have standards, because over the years there have been too many different standards.
Williams: We need a framework that allows sharing across a broad set of players. I think entities like ours that can be intermediaries become a really important place to embed security controls, making sure that we’re operating to the highest possible expectations. And that reduces the complexity of needing to implement those protocols across every single possible entity that might be distributing data.
Healthcare is competing with all the other sectors of the economy for talent in IT and cybersecurity. What does the industry need to do to be competitive?
Christian: Everything. I mean, It’s one of those areas that’s in high need. … I think there are many things we can do. There’s quite a few different programs have popped up around the country. I’m a member of CHIME, which actually created a group specifically focused around security because there really wasn’t one that was specific to healthcare.
Williams: I think people in technology and people in healthcare, they want to work at an organization that’s mission focused and can make an outsized impact on people’s lives. People often come to this work with very personal stories of something that went wrong in their lives or the lives of their loved ones, and they’re committed to trying to fix those things.