More Notes About Security, Trust, and Access
The last day at HIMSS always seems to be the busiest, as conventioneers attempt to squeeze in those last few meetings with exhibitors and speakers. Our day proved no different as we were booked pretty much solid all day, with participants wanting to learn more about our Healthcare IT and security solutions.
Constructing Common Compliance
As HIMSS19 began to wrap, our discussions turned from the need for greater security and privacy towards finding ways to provide security and privacy assurance. One notable conversation I had was with The Health Information Trust or HiTRUST Alliance, a well-known non-profit association originally formed in 2007 to provide and promote standard risk and compliance management and de-identification frameworks.
HiTRUST is most highly regarded for its development of the Common Security Framework or “CSF,” now in its ninth revision. The CSF provides a comprehensive, flexible and efficient approach to regulatory compliance and risk management across HIT vendors.
When speaking to their representatives, I learned that in many larger healthcare institutions there exists a large set of HIT vendor relationships. Each comes to the table with its own – sometimes lengthy – series of questions and assessments during the evaluation of a HIT project. What Provider clients are looking for, however, is a way to streamline and standardize this process so that their procurement and IT personnel can stop spending inordinate amounts of time filling them out. Because each is different, and given the number of vendors represented, it is nearly impossible to compare how similar or different these standard-sets really are.
Once again, HIT consumers themselves have arrived at a solution. An initial group of 17 large healthcare organizations in the US recently banded together with HiTRUST to form the Third Party Assurance Council or “TPAC.” This group has developed a single, comprehensive framework harmonizing multiple standards and best practices to support a single security and privacy readiness vendor assessment. HiTRUST supplies the training for assessors of its TPA tools, such that vendors can incorporate them into their services and consultancy offerings. Many, if not most, of the TPAC members now require a HiTRUST TPA in order to do business with them.
Realigning Routes for Rural and Remote
One topic that kept reappearing during this last day was how to provide consistent and secure healthcare access to all members of a provider network, regardless of economic context or geographic location. This is of great interest to medical associations whose memberships include very rural areas with disparate populations. I observed that two regions were often mentioned: the large Indian reservations throughout the South and Midwest US, and states with greater rural populations like Montana, Wyoming and the Dakotas.
In these areas it can be problematic to quickly and reliably access standard healthcare, as facilities and practitioners can be few and far between and the distances between them great. Even though our modern era has brought more interconnectivity in the form of better cellular and internet service, the means by which health information is exchanged and care obtained remains problematic.
During the discussions I had with these types of Providers, one idea was to combine Medtronic’s “Hospital of the Future” concept of remote access kiosks or pavilions, with Duke University’s “Energize the Chain” idea of supplying remote power and ping through Telco towers and services. An additional conversation explored ways in which large Telcos might supply both the distributed power and security required to assure protection of critical patient and provider information flowing between medical institutions and such remote sites.
Some Final Thoughts
It is reassuring to see the tremendous advancements in healthcare IT at HIMSS, and to watch the industry’s slow but steady increase in technology adoption – not necessarily “quick,” but “quicker.” Without a doubt, three persistent and central concerns running throughout this conference were a) how to provide the best security for patients and providers, b) how to further assure concomitant privacy standards, and c) how to do both of these things while maintaining reliable and ready access across the entire population of healthcare patients and subscribers.
In retrospect, it certainly appears Unisys is in the best position possible to meet healthcare IT’s prevailing needs. With some of the best security people and IP in the business, coupled with the company’s award-winning Stealth™ technology and its deep industry knowledge, Unisys’ influence in this industry has nowhere to go but up.
This is your intrepid reporter signing off from Orlando. Thanks to everyone for following our HIMSS19 Conference Blog during these past three days.