The panelists were:
- James Craft, Chief Information Officer, Joint Improvised Explosive Device Defeat Organization, Department of Defense
- Steven Hernandez, Chief Information Security Officer, Office of Inspector General, Department of Health and Human Services
- Rose-Marie Nsahlai, Lead IT Security Specialist, Office of the National Coordinator for HIT, Department of Health and Human Services
- Dr. Joseph Lucky Ronzio, Deputy Chief Health Technology Officer, Veterans Health Administration, Department of Veterans Affairs
The main topics of discussion were in relation to Mobile Health Technology, Interoperability and Cybersecurity.
The discussion surrounding Mobile Health Technology focused on empowering the consumer / patient to be more active and collaborative with their providers when making health and wellness choices, and on embracing sensors and telehealth / telemedicine as alternatives to physician office visits. The Deputy CHTO of the VA, Dr. Ronzio, argued that both provide a better patient experience, while lowering costs for all parties. Moving forward, more emphasis will be placed on devices and mobility for both the patient and the provider. NSA, for example, is working on a "thin" encryption that is specifically for health and wellness devices, so the security layer is a lower overhead for the device.
1.) Easy and secure consumer access to electronic health information;
2.) No blocking of electronic health information / to adopt transparency; and,
3.) To adhere to federally recognized standards and best practices.
Given tightening budgets, all agencies voiced support for innovative solutions, assuming that a new solution replaces antiquated processes and systems, and, most importantly, saves money.
EHR security is one of the top priorities for DOD, HHS and the VA, particularly with the recent high visibility cybersecurity breaches that impacted numerous US hospitals, Anthem and OPM, just to name a few. According to IBM X-Force Interactive Security Incidents data from Jan. 1, 2015 to Oct. 31, 2015, almost 100,000,000 health care records have been compromised due to malicious attacks. A patient’s EHR can contain sensitive information such as SSN, addresses, financial and employment information in addition to medications, vaccination records, chronic conditions, etc. By gaining access to a patient’s EHR, a cyberterrorist can pinpoint and act on vulnerabilities such as directed bioterrorism or withholding medication for an individual, including US military personnel. DOD, HHS and the VA are continually looking to partner with organizations that can help mitigate these cybersecurity risks.