HIMSS Privacy and Security Committee: Who Knew Healthcare Privacy and Security Would Be So Cool?

Posted on October 6, 2011 by

Enjoy this guest blog from Sean Murphy, CPHIMS, CISSP-ISSMP, FACHE,  Chair, HIMSS Privacy & Security Committee. Thanks to Sean and all readers of the HIMSS Blog. Lisa Gallagher, BSEE, CISM, CPHIMS, Senior Director, Privacy and Security 

The business of healthcare information security and privacy is more prominent than ever.  Just a few highlights that fuel my enthusiasm:

  • We celebrated NHIT Week a few weeks ago from Sept. 12-17, 2011.  
  • October is National Cyber Security Month.
  • My son started his first semester in Information Systems and Network Security at a neighboring state university that offers in-state tuition to out-of-state students, if they pursue a degree in that field.  OK…so that fuels MY enthusiasm alone.

The point is, we are in a time and place in healthcare, where the spotlight has never shone brighter on the importance of making protected information available, ensuring integrity of information and keeping critical data confidential. 

During my commute today, I read with great interest in the Washington Examiner,   “Obamacare will put patients’ records at risk,” by an unnamed Examiner editorial writer. 

The key takeaway from the op-ed is, under the new legislation, the federal government mandates government access to all personal health records from private insurance databases.  The editor surmises that Speaker Pelosi “wasn’t kidding when she said that Obamacare had to be passed, so the rest of the country could discover what was in it.”  

Did you know this was in the 2,700 pages of legislation? 

In any case, the stated reason for the provision is so that the federal government can “evaluate the performance of the health insurers,” per HHS Secretary Kathleen Sebelius. 

I offer this snippet to underscore the need, the increasing need, for talented and dedicated people who value the tenets of healthcare information privacy and security to work together from  every side of this, and every, issue.    

Such discussion gives me a terrific lead-in for an introduction to a new year for your HIMSS Privacy and Security (P&S) Committee.  A very active committee, we are focused on being relevant, visible and connected to the issues, the HIMSS membership and the healthcare industry.  We see our primary customer as the healthcare information services executive and practitioners in the field struggling with making sense of the policies, looking for practical tools and wanting a link to like-minded professionals. 

The HIMSS P&S Committee is set to deliver on several initiatives that will meet specific goals and provide something you (we) can build upon and use.

One such initiative is continuing communication to you.  In the form of a HIMSS “PSST” (which stands for Privacy and Security Special Topic), we will share the timeliest information where you are.  Look for these via HIMSS and our committee’s growing presence on social media outlets,  like LinkedIn, Twitter and Facebook.  

We continue to evolve our volunteer organizational structure.  By continuing some established workgroups and task forces, and energizing a couple new ones, we continue to discuss topics that have generated many questions and requests for information from HIMSS membership. 

You’ll see usable results come out of our Risk Assessment and Patient Identity Integrity Work Groups (WGs).   In fact, the PII WG will be launching a Patient Identity Integrity Toolkit in the coming weeks!

We continue to create and refine practical resources for you via the popular P&S Toolkit Content Review Task Force, that provides editorial and maintenance oversight for all of our Toolkits. Our two newest work groups are the Mobile Security Work Group and the Cloud Computing Work Group.   Both of these new work groups will be publishing toolkits later this year.

The P&S Committee will keep on adding to the body of knowledge on medical device issues through the work of our Committee volunteers who seed various industry initiatives in this area.  And finally, the P&S Policy Task Force continues to support, as P&S subject matter experts, all the various policy initiatives and regulatory review processes of HIMSS. 

These efforts are direct responses to your input on surveys, e-mails and phone calls to HIMSS, and many other feedback mechanisms.  Keep the feedback coming–help us, help you!

I can’t outline every initiative and objective the P&S Committee, Task Forces, and Work Groups have this year.  But I cannot stop today without specifically mentioning our P&S Virtual Briefing coming up on Dec. 14.  The conference title says it all, “Privacy and Security: Practical Solutions for a Changing Landscape.”  Planned seminars during the half-day virtual conference include:

  • cloud/virtualization computing security,
  • HIE privacy and security,
  • mobile device security,
  • breach notifications,
  • risk assessments, and
  • patient identification.  

Of course, we’ll  promote the briefing and refine the agenda as the time draws closer.  For now, pencil us in on your calendar for this “can’t miss” event.

I leave you with the address to the HIMSS P&S landing page on the HIMSS website.  If you haven’t been there for a while…check in again and often.  Add it to your favorites.  It is already loaded with practical and reliable resources.  As I’ve mentioned, expect even more to come.

Oh, and as Colombo would say, “one more thing.” 

With all the celebrating you are undoubtedly did during NHIT Week, and are doing now for National Cyber Security month (Oct)…save a little room for next month…I don’t have a crystal ball, but if last year predicts this year, November will be “Critical Infrastructure Protection Month.” This, of course includes virtual infrastructure. 

The party never ends in this business.  Who knew we’d be so cool?  And with all the money I am saving in college tuition for my son…the next round is on me. 

Sean Murphy, CPHIMS, CISSP-ISSMP, FACHE, is the Chair, HIMSS Privacy & Security  Committee, and now, Executive Manager, Information Assurance, National Intrepid Center of Excellence, Bethesda, Md.  His areas of expertise are in HIPAA, HITECH, DIACAP, information security practices, IT leadership and medical device technology management.   

You can reach Sean directly at sean.murphy@med.navy.mil

About Lisa A. Gallagher, BSEE, CISM, CPHIMS

Lisa Gallagher, BSEE, CISM, CPHIMS, is HIMSS Senior Director, Privacy and Security.
This entry was posted in HIMSS Events, HIMSS News and Developments. Bookmark the permalink.

One Response to HIMSS Privacy and Security Committee: Who Knew Healthcare Privacy and Security Would Be So Cool?

  1. Randy Campbell says:
    October 6, 2011 at 9:15 am

    I couldn’t agree more with Sean’s call for more interest and focus on security and privacy issues within healthcare. As a leader of a security and compliance team performing risk assessments for numerous healthcare organizations, I can certainly vouch for the need. But it must start at the top of these organizations – regardless of what the recent healthcare reforms mandate, I can unequivocally say that those personal healthcare records are often already accessible – not by the government or the patients, perhaps, but by those with more nefarious intentions.

    I absolutely share Sean’s enthusiasm and strongly applaud the efforts of HIMSS and the Working Groups (I am a member of one such group), it’s this kind of advocacy and collaboration that continue to advance the cause of enabling a more efficient healthcare ecosystem by reducing the risk inherent in such intiatives.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s