Why can’t healthcare apply the same practices other industries are using to protect consumer data?
There’s perhaps no question that can stir up more frustration among healthcare IT executives, largely because there’s no simple answer. And so, when the Health Care Industry Cybersecurity Task Force was created earlier this year, the primary objective wasn’t just to identify best practices being leveraged in areas like finance to protect and share data, but also to examine — and draw attention to — the unique challenges CIOs face with cybersecurity.
So far, the process has been enlightening, said Theresa Meadows, SVP and CIO at Cook Children’s Health Care System, and one of 22 members of the Task Force. On Wednesday, Nov. 2 at 10 a.m., she will present an update of what they’ve found so far during a presentation entitled, Pushing Cybersecurity in Healthcare to the Top of the Government Agenda.
“There are a lot of components in healthcare that don’t exist in other industries, which is why it’s hard for to have universal guidelines that everyone can follow,” Meadows noted. “We want to educate lawmakers, Congress, and others on those complexities.”
For example, a healthcare entity could be anything from a single-physician practice to a 1,000-bed hospital to a large health plan. To expect organizations that differ so drastically in terms of size and scope to follow the same parameters to keep data secure simply isn’t realistic.
And that’s just one issue. Another is that the best practices being used in the energy industry, which is reliant on methodical, repeatable practices, may not translate in the hospital environment, said Meadows. “Implementing what they have in place would shut down all the processes in healthcare because of the emergent nature of the things we have to do.”
The good news? By uniting leaders from different sectors of healthcare to discuss these key issues, the Task Force is making strides in its goal to improve cybersecurity. In fact, just by sharing their experiences, members have been able to create a better definition of healthcare, which in turn can help lawmakers develop a deeper understanding of the challenges.
In the session, which will be moderated by Chuck Christian, VP of Technology and Engagement with the Indiana Health Information Exchange, Meadows and David Ting, Co-Founder and CTO of Imprivata, will talk about what the Task Force has learned, and what it still hopes to accomplish during the one-year term. The goal is to encourage open dialogue about security strategies among CIOs, a group that has understandably been tip-lipped on the topic.
As it stands now, there is no safe, effective way to share best practices on cybersecurity or discuss what went wrong during a breach, said Meadows, and that needs to change. “We want to help manufacturers and developers put safeguards in place in the software so we can prevent those issues going forward.”
She also hopes that CIOs and other attendees will provide input on the Task Force recommendations, which will help point the industry in the right direction. “Security is at the top of everyone’s minds, and I think this is a great opportunity to contribute to a bigger cause.”
And, perhaps, to start forming answers to the difficult questions.