HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

CHIME Leader Says Healthcare Cybersecurity is Top Priority in 2015

Charles Christian, FCHIME, LCHIME, CHCIO, has the 2015 Trustees Chair at the College of Healthcare Information Management Executives (CHIME) and believes 2015 to be a year where positive changes will be made to improve cybersecurity in healthcare, although many challenges are faced.

Just as new technology is being used – and exploited – by cybercriminals looking to gain access to the Protected Health Information of patients, healthcare providers can easily use technology to keep the data of their patients protected. The technology exists to prevent any external unauthorized third parties from gaining access to protected information and this must be used to ensure that data remains confidential and private.

Evolving technologies are allowing greater protections to be placed on data, which can be effectively secured in motion and at rest. CHIME is committed to educating its members on new technology, how it can be used and implementing best practices to keep electronic Protected Health Information secure.

Christian believes that positive patient identification and cybersecurity to be two of the main challenges faced by healthcare industry this year, although meeting 365-day Stage 2 Meaningful Use reporting requirements for the next phase of the EHR Incentive Programs remains the number one focus.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Christian has highlighted the benefit technology has had on the national patient identifier, a matter that could greatly benefit the healthcare industry. Positive patient identification is a key issue for the healthcare industry, and it is something Christian has been pondering for some time. He was involved with the Indiana Health Exchange in the days before Meaningful Use, and positively identifying patients was a problem that had to be resolved without the benefit of a national patient identifier.

According to Christian, the coming months are going to be critical for the healthcare industry. “We’re going to find that care for the patient is going to be provided at a much different level than it ever has before because they’re trying to bend the cost curve down.” He says that “In order to do that, they’re going to have to find other alternatives for primary or urgent care.”

He points out that while emergency rooms used to be used only to treat medical emergencies, they are now being used more and more to provide urgent and even primary care. Patients are visiting different centers for different treatments, and keeping track of all the data is going to be difficult without some means of identifying each patient.

Christian says, “Everybody who is in that chain of care needs to know what’s been going on with that patient, particularly if they have chronic diseases like diabetes, COPD, or heart failure that are very serious diseases that have other co-morbidities that go along with it”. Keeping track of and marrying up all of that data is essential, but there is a lot of scope for errors to be made and this will become even more of an issue as time goes on.

Tackling Healthcare Cybersecurity Issues

Christian believes that the Chief Information Officer naturally should play an important role in ensuring privacy and security measures are being implemented on schedule; however he believes that another person should be focused on educating staff on best practices because it is not a one off job. It is a job that requires constant attention to respond to changing threats, new technology and the new tools to protect against those threats.

In order to keep on top of all of these issues he believes another person must take on the role, a position such as the chief security officer for instance. The CIO needs to be more focused on the regulatory environment as well as the changing operations of healthcare, according to Christian.

This was the thinking behind the launch of the Association for Executives in Healthcare Information Security (AEHIS), a separate organization that could remain focused on healthcare cybersecurity. He believes this will give it the flexibility needed to respond to the changing cybersecuirty demands of the healthcare industry and will be of much greater assistance.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.