November 15, 2016 12:00 AM

HIMSS says federal government needs a national chief information security officer

Joseph Conn

    A national chief information security officer could help stem the flood of data breaches hitting the healthcare industry, according to the country's largest healthcare IT industry trade association.

    The Healthcare Information and Management Systems Society said while HHS has had a chief privacy officer for seven years now, it's time for the agency to also appoint a CISO.

    A national cybersecurity leader “would mark a critically important step in elevating the posture of health organizations across the nation,” wrote Lee Kim, director of privacy and security at HIMSS, and Samantha Burch, its senior director of congressional affairs, in a blog post on the organization's website. “It is clear the health sector needs to change its attitude toward the adoption of cybersecurity practices.”

    A national CISO is needed “given the vast amount of data being breached and large numbers of healthcare organizations being compromised by both insider and external threat(s).”

    Since 2008, 39 providers and payers have shelled out nearly $52.5 million in settlement payments and one court-ordered fine for alleged privacy and security violations under HIPAA.

    The Obama administration's Office for Civil Rights at HHS brought 12 of those HIPAA cases this year. The most recent, in October, was against St. Joseph Health in California, which agreed to a $2.1 million HIPAA settlement.

    Healthcare data breaches

    But enforcement has done little to thwart the nationwide hacking of medical records, particularly those gushing into the computers of cybercriminals and/or hacking hobbyists.

    According to a Modern Healthcare analysis of the “wall of shame” website kept by the civil rights office since September 2009, there have been 1,314 breaches involving at least 500 individual patients' healthcare records reported to HHS. Only 16% of the reported breaches have involved some form of hacking incident, but those cyber incidents have been the most severe of all breaches. Hacks account for 125 million individuals' records being breached, 81.5% of the total 153.4 million records exposed by all causes and reported to the list.

    In addition to a CISO, HIMSS has two other items on its “call to action” wish list.

    It asks that the healthcare industry adopt a voluntary, national cybersecurity framework of “guidelines, best practices, methodologies, procedures and processes.” HIMSS is also calling for HHS to work with the healthcare industry to address the chronic shortage of qualified cybersecurity personnel.

    Healthcare security consultant Michael McMillan agreed with the HIMSS recommendations across the board, adding it is imperative that the industry come together around a common approach to data security.

    “We will never build a trusted environment until we have standards we can all recognize and count on,” said McMillan, the CEO and co-founder of CynergisTek, an Austin, Tex.-based security firm. “Healthcare is one of the last industries to adopt a recognized cyber security framework and the question should be 'why?'”

    A national CISO should play a dual role, not only having responsibility for promoting cybersecurity readiness throughout HHS itself, but also seeing to industry preparedness, McMillan said.

    Congress should also promote incentives for universities to offer cybersecurity programs, add cybersecurity courses to medical school and hospital administrator programs, and help individuals wanting to go back to school and specialize in cybersecurity, he said.

    But privacy expert Dr. Deborah Peel took issue with a cyber security framework siloed in the healthcare industry.

    “We need tough standards across the board,” said Peel, the founder of the Patient Privacy Rights Foundation. And, she said, “The standards should never be voluntary. They have to be required. If you want to hold data in these large databases, you have to prove you've met the standards,” with interim inspections and security audits required, she said.

    Peel said the most effective way to protect individuals' healthcare data is a so-called distributed system.

    “The information stays where it's created, period,” Peel said, with data aggregation, storage and release performed by the individual. “That's one of the most effective cyber security defenses,” she said. “It's too hard to break into 320 million different places to get information.”

    Modern Healthcare
    Copyright © 1996-2022. Crain Communications, Inc. All Rights Reserved.