Today I listened in on the Health and Human Services conference call for the transport and security standards workgroup. The group is working through sections G and F of the Interoperability Roadmap and responding to comments.
The call was slow to start, but a couple of points really resonated with me today. Midway through the call the chair, Dixie Baker, commented:
“Healthcare is the number one target for hackers and yet there is no real central approach to attacks on the industry as a whole.”
There was a lively discussion about whether the ISACs (Information Sharing and Analysis Centers) are capable of notifying people (like me) that a major security attack was going on so we could take action and prevent attacks. Would we know what to do with this information? I’d like to think so, but my main information sources today are Twitter, the media, and mailing lists. There isn’t really a good government feed to let me know what’s happening and what to do.
I’m really pleased they are discussing this, though I’m not sure how it’s going to resolve.
I was also pleased to see that a real discussion of the need to provide guidance on encryption is being had. As we all know, HIPAA doesn’t require encryption, nor does it provide guidance about what types of encryption should be used. National standards for healthcare encryption at rest and in transit are required, and ONC should place a priority on this area.
Finally, the idea of identity proofing was considered in the context of healthcare. The idea of using the post office as an identity provider was floated. This could be the equivalent of a passport – a national identity document that Americans have been willing to accept in exchange for the right to travel.
A good meeting and worth my time.