Later this week, I'm joining a healthsystemCIO.com webinar about security and health information exchange.
A theme I discuss frequently in my keynotes and lectures is the current regulatory challenge, which suggests we should engage patients/families, share data for care coordination in accountable care organizations, and use registries to analyze population health/public health, all while keeping the data secure and respecting patient privacy preferences. It's a tall order.
As I've posted previously, BIDMC hired Deloitte to perform a security assessment of our policies and technologies. Going through the assessment has given me a great opportunity to review the security standard practices in the healthcare industry and the best practices across all industries.
We've reviewed emerging techniques in Data Loss Prevention (DLP), Governance/Risk/Compliance (GRC) tools, Enterprise audit log analysis tools, Learning Management Systems, and Network Access Control.
BIDMC has implemented or is implementing most of these.
At the same time, we're passionate about healthcare information exchange technologies for provider/provider summaries and patient/provider communications (portals, automated blue button, and state HIE connections to patients).
Here are the slides I'll use in the webinar, illustrating that it is possible to secure the enterprise and at the same time use Direct-enabled, certificate-protected health information exchange with patients, providers, and payers.
The most secure library in the world would not check out any books - it would be a secure but useless library. We must protect privacy and at the same time share information. It is possible to achieve a balance that does both.