Looking back and forward: Improving Health Data Security in Utah
Upcoming SlideShare
Loading in...5

Looking back and forward: Improving Health Data Security in Utah






Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Looking back and forward: Improving Health Data Security in Utah Looking back and forward: Improving Health Data Security in Utah Presentation Transcript

  • Looking Back and ForwardImproving Health Data Securityin UtahRobert Rolfs, MD, MPH22 May 2013
  • Privacy, Confidentiality, Data SecurityNot New!• Hippocratic Oath (5th century BC)All that may come to my knowledge in the exercise of myprofession or in daily commerce with men, which oughtnot to be spread abroad, I will keep secret and will neverreveal.• Privacy Act of 1974 – Fair information practices• Recognition of AIDS - 1981• HIPAA – Privacy Rule 2001• Federal Information Security Management Act of 2002– FISMA designated NIST to develop standards, guidelines,methods, and practices for information security
  • Health Data SecurityLooking BackToday’s Problems come from Yesterday’s“Solutions”Senge – The Fifth Discipline
  • Evolution of Public Health DataSecurity• 1994 – Principles and Practices of Public Health Surveillance– Ch 11 – “Computerizing PH Surv. Systems”• 2002 – PH Informatics and Information Systems– Chapters on legal framework, security, etc.• 2011 – Data Security and Confidentiality GuidelinesFor HIV, Viral Hepatitis, STD, and TB Programs
  • Computerization of Public Health Data• 1980s – mainframes, stand-alone computers– Restricted access to mainframes– Security often achieved by locking in filing cabinets• 1990s – Wave of integration– Development of networks, widespread PC’s– Focus on improving function, access to data, deriving value– Katz report, IS Vision, Data Stewardship, etc.• 21st century– Dramatic increase in access, flexibility, ability of individuals todevelop and implement information systems– Internet, web-based access, social media, etc.
  • Approaches to Information SystemDevelopment and Management• Central control and management very difficult– Rapid change, difficulty anticipating needs/future• Innovation and entrepreneurial approach• Centralization of IT services at DTS
  • IT Security Today• Breaches and consequences– Financial• Since 2012, OCR penalties– BCBS Tennessee – 57 unencrypted drives – $1.5 million– Alaska DHHS – stolen USB from vehicle - $1.7 million– UDOH – medicaid breach - $?– Trust• Legislation, cHIE, CSD• not confined to responsible party
  • IT SecurityLooking Forward• Greater central control is needed– There will be cost to flexibility, innovation, etc• Need to comply with complex and demandingregulations• Need to fundamentally improve IT practices sothat security is part of development and notafter thought• Cost of IT systems will increase
  • Health Data SecurityLooking ForwardToday’s Problems come from Yesterday’s“Solutions”Senge – The Fifth Discipline