The Federal Trade Commission has been taking a tougher regulatory stance on healthcare information technology in recent years, in an effort to protect the privacy and security of consumer health data. A senior FTC official told Congress that lawmakers can expect to see more of the same.
Jessica Rich, director of the FTC’s Bureau of Consumer Protection, warned House Oversight and Government Reform subcommittees that because consumers are taking a more active role in managing their health data through mobile apps and wearable devices, this information is being collected, used and shared outside of doctors’ offices and other traditional medical contexts, putting consumers at risk.
“Many of the entities creating these new consumer-facing products and services are not covered by HIPAA, which only provides protections for health information held or generated by certain covered entities—namely healthcare providers, health plans, and healthcare clearinghouses, and their business associates,” Rich testified. “The entities creating these new products are, however, within the FTC’s jurisdiction in most instances.”
As consumers buy more smartwatches, activity trackers, holographic headsets, and other Internet of Things (IoT) devices, the need for improved security on these devices will become more pressing. With predictions of 30 billion devices, the exposure is great and the need for a solid plan is immense.
The ability to react quickly to threats of all kinds can effectively stop hackers before they’ve done serious damage. But it requires a trusted community in which organizations share security and threat intelligence, such as IP addresses of attackers, new types of malware, or techniques criminals are using.
The healthcare industry is only just beginning to understand how much we lack control over personal data and, at the same time, Americans are putting more and more data onto social networks, making it that much harder to know how best to protect it.
Passwords have become one of modern life’s more annoying routines. None of us is happy when our office email or bank asks us to take a comfortable password and turn it into something that resembles a missile launch code.
Clinicians who need to log in and out of systems throughout the day can be forgiven for uttering choice expletives when asked to re-set passwords while caring for patients.
Strong passwords are an essential front line defense in protecting data and systems. So what is the best way to create an effective password policy?
A new study suggests that length is the most important factor, more effective than the current trend toward requiring a mix of numbers and upper- and lowercase letters.
Change is constant. In healthcare, companies are bought and sold every day. Processes must be altered, inefficient practices identified and eliminated.
Periods of change are when organizations are most vulnerable to security breaches – especially healthcare entities and the technology vendors that serve them. The addition of new hardware, devices, software, and applications to the larger IT network creates numerous opportunities for mistakes. For instance, it is common for organizations to overlook vendor default passwords on newly-added devices or programs. In many cases, these default passwords can be found easily on the Internet by hackers seeking to steal valuable information such as protected patient data. The unprotected devices are their entry point.
The scary truth is that only a little more than half of organizations apply the necessary change management principles to their IT assets. According to a study of configuration management for cloud-based infrastructures, 80 percent of outages impacting mission-critical services will be caused by people and process issues and 50 percent of those outages will be caused by issues related to handing off the system to new personnel.
Creating a culture of security, where everyone is responsible for thinking about possible failure points in their daily workflows, partnered with an understanding of current technologies and policies, is a strong, user-centric approach that will yield insight into ongoing areas of potential failure and work to protect patient information.
Brenda Hopkins RN, MBA – CEO HealthcareDisruptors