Unlike many members of the Society for Participatory Medicine (S4PM) who have championed collaborative technology to improve patient outcomes and treatment for years, I am a relatively new proponent. Indeed, my experience in healthcare security, privacy and compliance only became a focus of my career when I joined the Computer Task Group, LLC (CTG) as a senior security consultant in 2012.
In that position, I was quickly immersed when I took over as interim Chief Information Security Officer at a large county hospital. I soon became aware that the adoption of security and privacy controls that were routine and standard in the financial industry was lacking in healthcare, especially at smaller hospitals and clinics. Across the board, budgets for healthcare IT were earmarked for new technology for patients and administrators, not security. Resources allocated for compliance with HIPAA safeguards were minimal, at best.
Around the same time, my colleague at CTG and the Editor-in-Chief of the S4PM newsletter, John Hoben, introduced me to Eric Topol’s book, “The Creative Destruction of Medicine.” It was an eye opener for me. I attended HIMSS in 2014 and 2015, and as I have learned more, it is clear to me that patients and their advocates will be the ones to drive many of these new innovative technologies forward.
At the same time, new threats to healthcare security have not only eroded confidence that patient privacy can be protected; ransomware and potential hacks of medical devices endanger patients’ lives, not just their privacy. It’s no longer just about securing the EHRs.
It is critical that those of us who advocate for the goals of the Society for Participatory Medicine and the technologies necessary to bring about profound improvement in patient care help lead the way in promoting leading standards of security and privacy. Most importantly, as patients we need to insist that fundamental security practices are in place and that privacy of patient data is designed into solutions.
I’m very thankful to have two experts from outside S4PM contributing to this month’s newsletter theme, “Ensuring a Secure Environment for Participatory Medicine”.
Ed Moyle is director of emerging business and technology at Information Systems Audit and Control Association (ISACA) and is a frequent contributor to the information security industry as author, public speaker, and analyst. Ed makes the case that privacy and security are important aspects of the patient experience in his article, “Toward Participatory Healthcare Cybersecurity”.
Our other contributor is someone I am proud to have worked for when he was the Practice Director at CTG’s Security Group. Dave Newell has specialized in healthcare security for over 15 years and launched a new security practice, Loptr, LLC in 2013. He is one of those rare individuals in the security field who not only has exceptional insight and knowledge of security technology but can articulate these concepts clearly to a diverse audience. We recorded an interview for this newsletter on the topic of healthcare security and privacy that I hope you will find both engaging and helpful.
October is National Cyber Security Awareness Month. Dave has provided information security awareness posters on phishing and passwords and has written a brief article on the security awareness campaigns.
Even though we seem to be facing new threats and a constant stream of attacks to our security and privacy, new technologies are emerging to combat them. One of the most promising is blockchain encryption, the technology at the core of digital currencies such as Bitcoin. There are many who believe it could revolutionize healthcare and the ways in which patients interact with healthcare providers. Dr. Adrian Gropper, a well-known member and contributor at S4PM, is an expert on this technology and I am pleased he was able to describe how this technology works and provide his perspective.
Lastly, Jan Oldenburg recently released a new book that caught my eye when I began researching for this issue of the newsletter: “Participatory Healthcare: A Person-Centered Approach to Healthcare Transformation”. Without disclosing too much, e-Patient Dave deBronkart believes this could become the definitive book in the field of participatory medicine.
I look forward to contributing to the topic of security and privacy in the future.
Keith Mattox is Security and Privacy Program Manager at Citrix. Prior to joining Citrix, Keith was Senior Compliance Officer at Hewlett Packard Enterprise. He has 14+ years in compliance and information security. Previous positions include Senior Security Consultant at CTG and Information Security Manager at RBC Bank. Keith joined the Society for Participatory Medicine in 2016.