Expert: Health care organizations should boost security amid evolving risks | Michael Archuleta comments on building a strong health care security culture | HHS CISO details how hospitals can improve cybersecurity
Evolving cyberattacks should prompt entire health care organizations, not only their top executives, IT and information security staff, to increase their involvement in cybersecurity, said Stuart Madnick, professor at the Massachusetts Institute of Technology, at the Healthcare Security Forum. Madnick urged organizations to examine the disparity between their current security status and security goals to establish an action plan.
Michael Archuleta comments on building a strong health care security culture
Michael Archuleta, director of IT, Mt. San Rafael Hospital
Cybersecurity isn't just about data security -- it's also a matter of life and death. Health care information is 10 times more valuable on the black market than Social Security and credit card information. Medical records contain an extensive amount of data, and once information has been stolen, it can be resold over and over again. That is why it is so valuable and at the same time so dangerous.
Health care organizations are one of the most targeted sectors, with 88% of attacks on the industry. Cybersecurity isn't the responsibility of IT -- it's an organization's responsibility. With 91% of cyberattacks starting with a phishing email, it's important to educate and create a culture around cybersecurity. We need to be more creative in our workforce and create a new approach to improving the culture change in an organization. We always focus on the technology, process, then the people. We need to change this mindset to prioritize the people, processes and then technology. End users play a huge role in our defenses. When organizations look at their current state of security, they typically see that the lack of end-user training and awareness is an issue.
Annual HIPAA training and periodic email notifications are not enough to protect our organization. Be an over-communicator. Inform end users, management and the board of cybersecurity risks and of their critical role in protecting the organization's data. Consider including education on cyber and physical security as part of orientation. Engage your community and keep it informed of what the facility is doing to protect its data. Building a stronger security culture to mitigate risk is key to an organization's success.
Hospitals can strengthen their cybersecurity profile by joining the National Health Information Sharing and Analysis Center, managing their patching reports like profit-and-loss reports and deploying multifactor authentication technologies as a bare minimum, HHS CISO Christopher Wlaschin said at the Healthcare Security Forum. "Together we'll address the problem, take care of the people who don't have the resources, make ourselves less susceptible to attack and more able to provide the patient care we are capable of giving," Wlaschin said.
Epic's Share Everywhere solution, an update to its MyChart patient portal, lets patients authorize any health care provider with internet access to view their health records and allows them to share health data with clinicians without the use of an EHR system. Patients may also share a view of their chart with any provider worldwide using the solution through their smartphones.
Apple will conduct a study in partnership with American Well and researchers from Stanford University to assess the ability of its Apple Watch 3 to detect abnormal heart rhythms and predict heart conditions. The watch now comes with an updated fitness-focused heart rate monitor, which is designed to collect data including abnormal jumps in heart rate while at rest and post-workout recovery heart rate.
The "Get it. Check it. Use it." campaign launched last week by HHS Office for Civil Rights stresses the importance of HIPAA and giving patients the right to access and acquire copies of their health data. The three pillars of the campaign focus on requesting copies of health information, reviewing it for accuracy and using it to improve patient-doctor communications.
A bipartisan group of House members introduced legislation that would allow Medicare Advantage plans to have similar reimbursement rates for telehealth and in-person services starting in 2020 and Medicare coverage of appropriate non-face-to-face health care communication methods related to chronic care management beginning in 2019. The measure also seeks equal telehealth access between patients in Medicare Advantage and those in the Medicare Part A and B programs.
If you are looking for a seasoned colleague to help you learn the ropes, consider the CHIME Mentor Program. CHIME's mentoring program pairs mentees with CHIME members from around the globe who are experienced health care IT executives. Mentees work with mentors to develop goals and objectives, learn best practices and understand how to navigate challenges and hurdles that may arise in their roles. Learn more about the CHIME Mentor Program.
CHIME will host the next Certified Healthcare CIO (CHCIO) examinations on Oct. 30 and Oct. 31 following the CHIME Healthcare CIO Boot Camp in San Antonio. Boot camp attendees who enroll in the CHCIO program are eligible for an instant $100 savings. Register for both events. To date, more than 300 CHIME members have taken the challenge to become a CHCIO, demonstrating their dedication to the profession and pledge to continue to lead the health care industry. Learn more about CHCIO.
I would rather work with five people who really believe in what they are doing ... than five hundred who can't see the point.