Looking back and forward: Improving Health Data Security in Utah

337 views
308 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
337
On SlideShare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Looking back and forward: Improving Health Data Security in Utah

  1. 1. Looking Back and ForwardImproving Health Data Securityin UtahRobert Rolfs, MD, MPH22 May 2013
  2. 2. Privacy, Confidentiality, Data SecurityNot New!• Hippocratic Oath (5th century BC)All that may come to my knowledge in the exercise of myprofession or in daily commerce with men, which oughtnot to be spread abroad, I will keep secret and will neverreveal.• Privacy Act of 1974 – Fair information practices• Recognition of AIDS - 1981• HIPAA – Privacy Rule 2001• Federal Information Security Management Act of 2002– FISMA designated NIST to develop standards, guidelines,methods, and practices for information security
  3. 3. Health Data SecurityLooking BackToday’s Problems come from Yesterday’s“Solutions”Senge – The Fifth Discipline
  4. 4. Evolution of Public Health DataSecurity• 1994 – Principles and Practices of Public Health Surveillance– Ch 11 – “Computerizing PH Surv. Systems”• 2002 – PH Informatics and Information Systems– Chapters on legal framework, security, etc.• 2011 – Data Security and Confidentiality GuidelinesFor HIV, Viral Hepatitis, STD, and TB Programs
  5. 5. Computerization of Public Health Data• 1980s – mainframes, stand-alone computers– Restricted access to mainframes– Security often achieved by locking in filing cabinets• 1990s – Wave of integration– Development of networks, widespread PC’s– Focus on improving function, access to data, deriving value– Katz report, IS Vision, Data Stewardship, etc.• 21st century– Dramatic increase in access, flexibility, ability of individuals todevelop and implement information systems– Internet, web-based access, social media, etc.
  6. 6. Approaches to Information SystemDevelopment and Management• Central control and management very difficult– Rapid change, difficulty anticipating needs/future• Innovation and entrepreneurial approach• Centralization of IT services at DTS
  7. 7. IT Security Today• Breaches and consequences– Financial• Since 2012, OCR penalties– BCBS Tennessee – 57 unencrypted drives – $1.5 million– Alaska DHHS – stolen USB from vehicle - $1.7 million– UDOH – medicaid breach - $?– Trust• Legislation, cHIE, CSD• not confined to responsible party
  8. 8. IT SecurityLooking Forward• Greater central control is needed– There will be cost to flexibility, innovation, etc• Need to comply with complex and demandingregulations• Need to fundamentally improve IT practices sothat security is part of development and notafter thought• Cost of IT systems will increase
  9. 9. Health Data SecurityLooking ForwardToday’s Problems come from Yesterday’s“Solutions”Senge – The Fifth Discipline

×