I remember when I first heard the phrase DEFCON 1 (in the 80s movie, WarGames). These days, I think attributing that to healthcare seems relevant with all of the issues surrounding Privacy and Security. Continuing with my post from last week, it brought to mind that providers may be getting increasingly frustrated about how much they have to deal with over the last few years and how much more they need to focus on security than they did in the past after their clinical applications implementation and the new HIPAA Omnibus regulations. Recognizing that healthcare IT leaders these days have somewhat limited authority, but an enormous amount of accountability, it’s difficult to see why many would want to take that position.
A Healthcare IT leader has to think about so many situations such as how to encyrpt every device, and how to manage and secure data integrity & try to develop multi-layered defense mechanisms for the clinical and operational applications that a provider now has to manage. What about protecting their data center from internal and external attacks?
Will we ever be perfect? With the new issues around Internet Explorer (I’m updating the blog using Chrome by the way), the issue of security, continues to dominate the healthcare headlines. This along with the continued use by many provider organizations of XP after Microsoft said that they will discontinue support for the operating system after April 2014.
What do we do? Is this the new normal? Dr. John Halamka of Harvard Medical & Beth Israel in an interview recently at HIMSS 14 with Healthcare IT News discussed this (while mentioning that that he had 14 different work streams in his privacy and security efforts) the need for access based on what you do rather than who you are and said that there will always now be some vendor who will announce that there is a new vulnerability that everyone needs to watch out for.
Information Security Officers will need generals defending their provider fortress. With more devices accessible by technologies like blue tooth, a rogue employee walking through a facility possibly wrecking havoc and changing information of patients, there has never been a need for solid fortress-like defenses than ever before. All this as well as providers try to have better, more meaningful engagement with their patient population!
But then again folks, we’re just getting started…