Comments on Dispatch from the Digital Health Frontier: Security for Healthcare Information Exchange
John Halamka
Updated: 2024-03-27T09:55:23.143-07:00

anti aging (2009-09-14T22:48:58.096-07:00):

I see the future of healthcare data warehousing to become an environment in which patients have control of their information and move from simply being patients to being fully informed consumers.

GreenLeaves (2009-09-14T09:12:25.387-07:00):

Good points. I wonder if not having a national security policy is the reason that we have so much more difficulty adopting EHR and HIE than other countries do.

Perhaps there is more incentive to access PHI because much of our healthcare is a for profit venture?

Bernz (2009-09-14T05:59:05.770-07:00):

I worked for years in the legal community building Internet connected software. Now as I delve into the Health IT world, I notice much of the same issues.

It's not insurmountable.

We discovered that a system's ability to do a few things helped with the security process:

1. Audit - keep a trail of what happened and when. This trail should be detailed but easily reported against in case of incidents or just to understand how the system works to better improve it. This means all of the portions of the system need to support this audit trail, not just the "application". If the hosting OS doesn't let me know that someone logged in and became root, that's a problem. Every event should be auditable and reportable. This should be built-in so even small practitioners can take advantage of it.

2. "Heuristic" systems - Like the doctor said, Security isn't some product, it's a process. But products can help enable and streamline that process. I like heuristic and trained systems, like Intrusion Detection/Prevention, application firewalls, network behavior analysis and systems like those that help us be proactive in security and, like audit trails, help us know what's going on.

3. Like the doctor points out, the weakest link is your vulnerability. I can have whiz-bang Infosec, but if I can call your receptionist and con her into giving me passwords/information, it's all useless. That's why audit trails and early detection are important. If you have enough layers in place and good ways to monitor them, someone's going to hit your tripwire before they get to your pot of gold.

4. Encrypt everything. The whole chain. From point A to point B. I don't care if you have private lines or your computer is locked behind steel doors. Encryption is easy to do these days for IT professionals. Really. Encrypt it all. Have a key escrow that's somewhere very very safe just in case you lose your keys.

5. Educate. I like to think that my profession is oddly mysterious and inaccessible to all but the most devoted of this cabal, but the truth is... it's not so fancypants. As people, we know it's best practice to lock our cars, turn on the alarms in our office before we go home and not to reveal our PIN number. Educate people who work with computers the same way. There are some basic principles that, when taught, can drastically improve security across the board just by having the average person be an active participant in your security.

I probably have more, but I really liked this column and just wanted to respond quickly.