Facing privacy and security challenges

Two headlines this week highlight the challenges regarding the privacy and security of personal health data, especially as healthcare debates the interoperability of that very data and the systems they are stored within.

A report on the HITRUST Cyber Threat XChange (CTX) found that only 5 percent of organizations contributed indicators of compromise (IOCs), while 85 percent consumed them. Additionally, of the IOCs contributed to the HITRUST CTX in the sampling period, only 50 percent were considered “actionable,” defined as being useful in allowing preventative or defensive action to be taken without a significant risk of a false positive.  

The findings also show that many organizations are not effectively identifying cyberthreat indicators internally and, therefore, are unable to contribute them to the HITRUST CTX. When comparing indicators contributed by participants using current cyber discovery methods versus what was detected using breach detection systems during the reporting period, it was found that 286 times more IOCs were identified. Also, 24 percent of those identified IOCs were new and not previously submitted by any source to the HITRUST CTX.

Meanwhile, the National Institute of Standards and Technology (NIST) released the final draft of its report on de-identification of personal information.

NIST reviewed various de-identification techniques for removal of personal information from computerized documents. De-identification techniques are widely used but existing techniques are insufficient to protect personal privacy because certain remaining information can make it possible to re-identify individuals, according to privacy experts. 

“Privacy protection improves as more aggressive de-identification techniques are employed, but less utility remains in the resulting dataset,” according to the report.

The report concludes that although not perfect, de-identification is “a significant technical control that may protect the privacy of data subjects.” Also, there's a need for “standards and assessment techniques that can measurably address the breadth of data and risks” of de-identification.

These are just some of the myriad issues facing healthcare's ongoing effort to protect patient data. Here's hoping the stakeholders make progress and soon.

Beth Walsh

Clinical Innovation + Technology editor 

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”