Balancing Innovation, Budget Constraints and Network Security

Braithwaite, who is referred to by many as the “father of HIPAA,” said the security rule requires that providers manage their risk, which involves considering the size, complexity, infrastructure, hardware and software capabilities, and cost of doing it. This means educating and training people to document and monitor what is going on in a reasonable and appropriate way.

The level of trust in healthcare is challenging to maintain, given technological strides such as mobile health, the “bring your own device” trend, and wireless access allowing caregivers to work from anywhere, at any time, he said. To ensure the level of trust in this fast-changing environment, healthcare leaders need to federate identity management to build a trust network, so physicians need only logon once. Patients need to be assured of secure access to their records, which is especially important at a time when healthcare providers have been increasingly targeted as a source of information in fraud. Cost pressures are there, and providers should consider the use of cloud services for lowering costs and standardized services in a way that includes the security and functionality of those systems, he said.

Robert Wah, M.D., is chief medical officer and vice president of Falls Church, Va.-based CSC, as well as a practicing endocrinologist. Prior to CSC, he served as acting deputy national coordinator at the Office of the National Coordinator for Health Information Technology. He noted that under healthcare reform providers are in a progression from paper records to the digital records and, finally, to digital networks, a step that will enable providers to analyze data in ways they haven’t been able to do before. “That’s when we are going to be able to reap the investments we have made in healthcare,” he said. “Technology is bringing us information where we need it and when we need it; that’s going to save lives and save money,” he said.

Wah described a healthcare information platform, the center of which is a rapidly growing pool of information. He envisions all of the participants in healthcare—patients, doctors, hospitals, payers, government, researchers—contributing to the pool and extracting out of the pool the information they want. “We’re hopeful that we’re getting close to that now,” he said.

Wah also sees an intersection of HIT, cloud computing and cyber security occurring in healthcare. He put particular emphasis on security, noting that the human element is the weakest link in the chain. Whoever is hired to take care of security should not only have the best technology, but should have the human element in control as well, by proper training, education, and third-party certifications, he said. “You don’t want to go to a mom and pop shop to secure your data. You need to have industrial strength security,” he said.

He said security should not be viewed as a burden, but rather as the enabler to make the whole system work; and it should be designed in from the start of any system, not as something that is bolted on later. Reiterating Braithwaite’s point, he said that if patients do not trust the system, they will not participate, and it will fail. The biggest worry patients have about the HIT revolution is a breach of their information, he said. “They are rightly concerned. If you are diagnosed with HIV or take psychiatric medications or have sexually transmitted disease that is a bell you cannot unring. Patients know that, so all of us who work in this area have to be very concerned about the worry our patients have,” he said.