Fierce Health Payer offers an interview with a cybersecurity expert who thinks that the recent megabreaches have focused business and government attention on improving data security.
As for preventing attacks at their own organizations, healthcare companies should take two major steps, according to [the interviewee David] Damato:
Identify the organization’s risk, or the data security issue it’s most concerned about. For most in the healthcare industry, this will be personal health information, Damato says.
Find ways to surround that sensitive information with the right number of controls that make it difficult to obtain, such as multifactor identification or data encryption. Data encryption alone, however, isn’t sufficient, he notes. Insurers also should avoid storing members’ data online past the point that it’s absolutely necessary, [according to another expert].
The FEHBlog agrees with both experts. In particular, the OPM data breach highlighted the key importance of multi factor authentication and careful data management policies that protect the organization’s crown jewels. Unfortunately lengthy government record retention requirements, e.g., the 10 year limitations period for the False Claims Act, lead to health plans retaining records for long periods of time.
Finally, Crain’s Chicago Business reports that the healthcare industry is anxious about the looming October 1 compliance date for the ICD-10 coding system. That’s no surprise. A train wreck may be in the offing. And the distressing part is that the switchover is totally unnecessary. It will not improve electronic claims processing which is HIPAA’s objective and as a doctor notes at the end of the Crain’s article “We’re ready [for the ICD-10],” he said. “But I’m not happy about it. There is nothing about ICD-10 that is going to help me with patient care.” The only folks happy about this change are the public health experts who hope that the new complex system will give them better information. But it could wind up being a case of garbage in, garbage out.