Facing privacy and security challenges
Beth Walsh | November 20, 2015 | Health Exec | Cybersecurity

Two headlines this week highlight the challenges regarding the privacy and security of personal health data, especially as healthcare debates the interoperability of that very data and the systems they are stored within.

A report on the HITRUST Cyber Threat XChange (CTX) found that only 5 percent of organizations contributed indicators of compromise (IOCs), while 85 percent consumed them. Additionally, of the IOCs contributed to the HITRUST CTX in the sampling period, only 50 percent were considered “actionable,” defined as being useful in allowing preventative or defensive action to be taken without a significant risk of a false positive.  

The findings also show that many organizations are not effectively identifying cyberthreat indicators internally and, therefore, are unable to contribute them to the HITRUST CTX. When comparing indicators contributed by participants using current cyber discovery methods versus what was detected using breach detection systems during the reporting period, it was found that 286 times more IOCs were identified. Also, 24 percent of those identified IOCs were new and not previously submitted by any source to the HITRUST CTX.

Meanwhile, the National Institute of Standards and Technology (NIST) released the final draft of its report on de-identification of personal information.

NIST reviewed various de-identification techniques for removal of personal information from computerized documents. De-identification techniques are widely used but existing techniques are insufficient to protect personal privacy because certain remaining information can make it possible to re-identify individuals, according to privacy experts. 

“Privacy protection improves as more aggressive de-identification techniques are employed, but less utility remains in the resulting dataset,” according to the report.

The report concludes that although not perfect, de-identification is “a significant technical control that may protect the privacy of data subjects.” Also, there's a need for “standards and assessment techniques that can measurably address the breadth of data and risks” of de-identification.

These are just some of the myriad issues facing healthcare's ongoing effort to protect patient data. Here's hoping the stakeholders make progress and soon.

Beth Walsh

Clinical Innovation + Technology editor 

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Related Content

Ascension reverts to pen-and-paper operations after ransomware attack
Key trends in enterprise imaging
Ascension confirms ransomware caused service shutdowns, ambulance diversions
Six hospital groups urge UnitedHealth to take responsibility for Change Healthcare hack notifications
Ascension experiences disruption of operations after 'cybersecurity event'
AMA says Change Healthcare breach is crippling independent practices

Design by Adaptive Theme
Trimed Popup
Trimed Popup